Privacy & Security

The typical chief information officer in healthcare is taking on more responsibility for determining strategy and digital transformation, with 84% of CIOs now part of their organization's executive leadership team. That's just one stat from a recent WittKieffer survey of CIOs and chief digital officers that also found the majority (54%) are reporting directly to the CEO. The report also found some shifts in IT titles. While traditional CIO titles remain common, with 71% retaining this designation, one in five now hold the title of chief digital and information officer, indicating a shift toward emphasizing digital transformation responsibilities. Two-thirds of these CDIOs were appointed within the last three years, indicating a recent trend toward integrating digital functions at a high level. A highly prized role Nick Giannas, senior partner with WittKieffer, said there are few C-suite leaders as pivotal to an organization's future as the CIO. "Healthcare organizations greatly value the role, partnership, and impact of their CIO at all levels," he said. "They seek their advice and guidance as they prioritize digital and AI initiatives to enable efficiency, improve the patient and provider experience and care outcomes overall." Current IT priorities include preparing for AI and machine learning adoption, anticipated by 92% of CIOs by 2025. The immediate focus, however, appears to be on foundational efforts, with 47% prioritizing advancing security programs. Forty percent of respondents said they were committed to major system implementations, such as electronic health records and enterprise resource planning systems. Abu Mirza, global SVP of digital products and engineering for GE HealthCare, said health systems increasingly prioritize the adoption of AI and cloud-enabled technologies, particularly those helping with scalability and cost-efficiency. "It's a trend that we'll continue to see in 2025, especially as we see such technologies drive measurable benefits when it comes to the enhancement of patient care and improved operational efficiencies," he said. Job satisfaction, high turnover Despite a high turnover rate – 53% of CIOs have assumed their roles within the last three years – job satisfaction is high, with 78% describing themselves as "extremely" or "very" satisfied. Brian Ackley, chief technology officer at UpScriptHealth, said organizations need to think holistically about their technology staff or they will suffer from high turnover rates. "Currently there is high turnover because skilled resources have many options available to them," he explained. "Generally if a CIO is happy at their current company, feels respected, appreciated, reasonably well compensated, and believes there is an excellent career track, there is no reason to seek employment elsewhere." He added fundraising for healthcare IT companies has been challenging in recent years and many have been companies unable to raise another round of capital, which makes alternatives intriguing for technology resources. "Technology leaders are in very high demand and compensation has been escalating," he said.  Matching expected CIO compensation The survey results suggested compensation trends parallel this rise in authority, as nearly half (47%) of CIOs appointed in the past three years earn over $500,000 annually. WittKieffer consultant Zachary Durst said it's important to emphasize compensation is dependent on organization size and scope, geography and other factors. The report points out that salaries are increasing across the board, especially for those executives who move to a new employer – a quarter of CIOs who changed jobs increased their income by more than 20%. "This implies that organizations may need to reevaluate annual salary adjustments to retain existing IT leaders in an increasingly competitive market," Durst said. He added it's important for the organization to know what market expectations are for CIOs and other key IT team members so they can adjust accordingly rather than lose key personnel. CIOs plan for expanded IT workforce More than two-thirds (68%) of CIOs surveyed said they plan to maintain or expand their IT teams, with a strong commitment to internal talent, as 87% of organizations said they plan to outsource less than a quarter of their IT functions. Talent development remains a top priority, although challenges in enhancing team performance (59%) and creating development opportunities (53%) indicated the need for focused skill-building initiatives. Dr. Harvey Castro, a physician and healthcare consultant, said upskilling programs are a key part of the effort to retain and bolster internal talent. "Continuous learning opportunities in areas like AI/ML, cloud technologies, and cybersecurity keep IT staff competitive and prepared for the demands of healthcare technology," he said. This commitment to skill development should be accompanied by efforts to build a collaborative culture, where interdisciplinary teams merge IT and clinical expertise to drive impactful solutions. To retain top talent, many organizations are also establishing structured career pathways. "Clear growth opportunities within the organization give employees a reason to stay and develop their careers internally," Castro explained. Flexible work models, career development In addition, flexible work models, including hybrid and remote options, have become essential offerings, especially as healthcare IT adapts to post-pandemic expectations. Beyond proficiency in AI/ML and data analytics, a strong understanding of cybersecurity frameworks is critical to protect sensitive healthcare data. "Cybersecurity is a top priority given the importance of protecting patient information," Castro said. Hillary Ross, managing partner, information technology practice leader for WittKieffer, recommended healthcare organizations cast a wider net for talent into other industries, especially for individuals who may be interested in working in a mission-driven industry like healthcare. "Create individualized development plans that map out how an individual can grow and advance within the organization and in their careers," she said. Nathan Eddy is a healthcare and technology freelancer based in Berlin. Email the writer: nathaneddy@gmail.com Twitter: @dropdeaded209

George Pappas, healthcare cybersecurity expert and CEO of Intraprise Health, says HIPAA is just a baseline for new state regulations that include incident reporting within 72 hours.

A cybersecurity CEO offers advice on tactics healthcare CISOs and CIOs should use to protect sensitive telehealth data, and how providers can adopt a proactive security stance specific to virtual care.

For Global Health Equity Week, HIMSS senior principal of cybersecurity and privacy Lee Kim describes some of the ways how privacy and security intersect with health access and patient engagement – and how artificial intelligence can help.

The U.S. Department of Homeland Security sees three areas of concern as artificial intelligence is used across critical infrastructure sectors: attacks using AI, attacks targeting AI systems and design, and implementation failures.

The Administration for Strategic Preparedness and Response will be surveying agencies to assess the readiness of state, local, tribal and territorial public health organizations to manage cyber threats and gauge their needs for support.

Approximately 10% of all U.S. healthcare workers will divert opioids or other controlled substances from their workplace at some point in their career.1 Drug diversion, or the illegal distribution or abuse of prescription drugs, remains a top challenge at hospitals and health systems across the country, and is often undiscovered and underreported.2 Steve Wenger, Inpatient Pharmacy Manager at Rady Children's Hospital in San Diego, California, still recalls his shock when a backed-up sewer line was found to have been clogged by syringes and fentanyl vials. “We had some open trash cans in the operating room and discovered that someone had been stealing partial doses of fentanyl out of them,” he said. In the past, determining where those vials had been diverted from and the person or persons responsible would have required hours of pharmacy staff time to investigate. However, Rady Children’s Hospital had already implemented radio frequency identification (RFID) medication management technologies, which helped Wenger’s team easily locate where the vials had been originally placed so they could focus their investigation and implement solutions to prevent future issues. “Having these systems let us know that we had to switch out our waste systems so this kind of diversion couldn’t happen anymore,” he added. Manual counts and intense documentation efforts Historically, pharmacists and pharmacy technicians spent a substantial part of their day manually logging the controlled medications used throughout the hospital. They were required to perform physical counts of opioids and other restricted substances multiple times a day while also maintaining all corresponding documentation to track where those drugs resided in the facility. Christa Miller, Senior Pharmacy Manager at AdventHealth in Orlando, Florida, said that those manual processes were time consuming, but became even more so whenever they found a discrepancy. “When we see that our Dilaudid count is off by one, we need to figure out what happened,” she said. “Did a nurse accidentally grab two vials instead of one? Did the vial fall between the cabinet drawers? Or was it diversion?” She recalled one instance in which the team had to complete three separate physical searches of the narcotics vault, requiring multiple staff members to be present, before realizing that the item in question had been misplaced. The addition of RFID medication management solutions such as narcotic vaults, anesthesia control systems, cabinets and refrigerators has helped immensely, according to Miller. But the addition of manufacturer-enabled RFID medications could bring further efficiencies to controlled substance management. “You would be able to see, immediately, that something has gone missing without having to physically inspect the machine or safe,” she noted. In cases in which diverters might adulterate a drug or replace it with something else, having RFID-tagged medications would also help Miller’s team to investigate an issue before patient safety was put at risk. “You could see that someone went into the pocket, removed 10 vials and then replaced them 10 minutes later,” she said. “Those flags could help us move a lot faster in our diversion investigations, as well as help prevent diversion because people would know we would have a clearer window into what they are doing.” Preventing controlled substance diversion requires a comprehensive approach Both Wenger and Miller agree that RFID medication management solutions have already improved their teams’ ability to read, count and document medications and their movement across facilities. Manufacturer-enabled RFID medications could further streamline their monitoring and investigative processes. “It would be like automatically scanning items at a grocery store,” Wenger pointed out. “You could push the anesthesia or emergency tray through the RFID reader, and it would give you a printout of everything that’s inside, including the expiration dates and lot numbers, without having to tag and scan every medication.” This would not only save staff considerable amounts of time but would also help avoid manual errors that might make it easier for a drug to be diverted or tampered with once it leaves the pharmacy. Miller believes such a future is possible if drug manufacturers and medication management solution providers come together to create it. “If our controlled substances all came with RFID tags and our safes and narcotic vaults were all RFID-enabled, we would be able to see if there’s an issue without having to spend hours counting,” she said. “When we can quickly figure out if it was a diversion or medication error, we can accelerate our investigations. And, in the process, we will increase efficiency and safety.” For stories and perspectives from industry thought leaders exploring how RFID technology and innovation advance healthcare, visit https://www.plusrfid.com/insights/. References Healthcare Diversion Network. https://healthcarediversion.org/. Knight, T., May, B., Tyson, D., McAuley, S., Letzkus, P., and Enright, S. 2022. Detecting drug diversion in health-system data using machine learning and advanced analytics. American Journal of Health System Pharmacy 79(16):1345-1354. August 5. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9353695/. 5476-CORP-08-10/24 v1.0

Here’s what IT teams can do to mitigate risk across the enterprise.

Jill Brewer, market insights lead at HIMSS, previews a new report that finds third-party risk management to be the top challenge and vulnerability for health system IT leaders and execs – many of whom are seeking AI-powered threat detection tools.

Cybersecurity expert Richard Staynings of the University of Denver says the clinical information used for AI-enabled decision support models needs to be protected – but that's a tall order with so much of it to manage.