Electronic Healthcare Records , Endpoint Security , Governance & Risk Management

Balancing Strong Security With Clinicians' Needs

Omar Khawaja, CISO at Highmark Health, Discusses Key Challenges
Balancing Strong Security With Clinicians' Needs
Omar Khawaja, CISO of Highmark Health

What are some of the critical considerations for aligning strong security controls with the workflow needs of clinicians? Omar Khawaja, CISO of Highmark Health, which includes health plans and the Pittsburgh-based healthcare delivery system Allegheny Health Network, discusses key issues.

Doctors and nurses sometimes push back on security measures that they perceive as preventing them from quickly accessing patient information needed to make important treatment decisions, the CISO says in an interview with Information Security Media Group. Measures that can generate resistance unless the need is carefully explained, he says, include default timeouts in electronic health records systems and certain authentication methods.

"Too much security can hinder the business from achieving its objectives - and conversely, too little security can also disrupt the business in surprising ways and therefore prevent the business from achieving its objectives," Khawaja stresses. "Ultimately, it should be about security serving the needs of the business."

In this interview (see audio link below photo), he also discusses:

  • Other challenges in aligning security with business needs in healthcare;
  • Balancing compliance with broader security risk management issues;
  • Mistakes to avoid in implementing security risk management strategies.

Khawaja is vice president and CISO for Highmark Health, a national health and wellness organization that employs more than 40,000 people and serves millions of Americans in all 50 states. Khawaja has spent more than 15 years delivering, developing and managing security solutions for startups, service providers, consulting firms and enterprises. Previously, Khawaja was with Verizon Enterprise Solutions, where he was responsible for a portfolio of security solutions.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.