The position of CISO should be elevated so that it gets "the appropriate recognition and authority at the very highest levels of the organization," says Marx, senior vice president and CIO at Texas Health Resources, which operates 25 hospitals and 34 outpatient facilities in Texas.
At the Texas delivery system, the information security officer and chief compliance officer head up an information systems governance council for security, he explains. Also on that council are other senior leaders from the organization's clinical and business sides. "They're the body that approves new policy," he says.
By broadening the membership of the IS governance council on security to leaders across the clinical and business operation of Texas Health Resources, "many others have a sense of ownership into the importance of security so it doesn't become an IT thing, because I think that would be dangerous," he says.
The council reports to an audit and compliance committee of Texas Health Resources' board of directors, Marx notes. "There's a direct line from the board to security," he says. "We've had this in place for about two years. It works very, very well."
By having the council in place, the CIO says, "We ensure strategic alignment, we ensure the security and privacy of patient information, and we give the authority and visibility that's required for successful security programs."
Marx also advises other healthcare CIOs to make sure their CISO and chief compliance officers "have the power and the authority required to do their job and no one can road-block [them]."
CIO of the Year
In January, Marx was named recipient of the 2013 John E. Gall Jr. CIO of the Year Award, an annual honor bestowed by the College of Healthcare Information Management Executives and the Healthcare Information and Management Systems Society. The award recognizes healthcare IT executives who have made significant contributions to their organization and demonstrated innovative leadership through effective use of technology. Marx will be receiving the CIO of the Year Award at the HIMSS14 conference in Orlando on Feb. 25.
Marx's "commitment to supporting the value of healthcare IT and promoting its effectiveness as a strategic asset make him a worthy recipient of this prestigious award," says CHIME President and CEO Russell Branzell.
In the interview, Marx also discusses:
- Steps that Texas Health Resources has taken to bolster mobile device security;
- Security and privacy issues facing health information exchanges;
- Lessons learned from a 2013 breach at the organization's Texas Health Harris Methodist Hospital Fort Worth, which involved improper disposal of decades-old microfiche medical records.
In addition to his role as CIO for Texas Health Resources, Marx is the governor-appointed chairman of the Texas Health Services Authority, which is responsible for coordinating the implementation of health information exchange in Texas. Previously, Marx held IT leadership positions at Parkview Episcopal Medical Center in Colorado, Healthcare Corporation of America in Nashville, and Cleveland's University Hospitals.