A New Credential for Healthcare Security LeadersOne of the Developers Describes New Professional Certification
A new professional credential aims to help healthcare organizations bolster their security leadership bench strength, says William Brad Marsh, co-chair of a committee that developed the certification.
The Certified Healthcare Information Security Leader - or CHISL - credential was created by the Association of Executives in Healthcare Information Security, a subgroup of the College of Healthcare Information Management Executives.
"There are a number of security certification programs, but they are not tailored to the healthcare environment," Marsh says in an interview with Information Security Media Group. The new certification is "sculpted" for healthcare security leaders, he says.
In its statement about the new credential, CHIME notes that it's modeled after the organization's Certified Healthcare CIO, or CHCIO, certification program, which is exclusively for healthcare CIOs.
To earn the CHISL designation, a security executive will need to pass an exam that tests knowledge of seven domains: organizational vision and strategy; technology proficiency; change management; value assessment and management; service management; talent management; and management of security relationships.
In addition, individuals seeking the CHISL credential also need to demonstrate three years of healthcare security leadership experience. Once enrolled in the credential program, participants will have access to exam study materials and the option of in-person or remote testing, CHIME says.
Those who will earn the CHISL credential must be good communicators, Marsh says. "They have to connect the CIO, CISO, the clinicians and end users to the security side," he says.
"All too often, in healthcare, security is seen as a bolt-on - something that goes on top when everything is done. But what we've seen time and again with breaches is that model doesn't hold. So now we need to make sure we have that strategic-level leader who can bring all of this together."
Anyone who is dedicated to security in healthcare - at organizations of any size - is a candidate for the credential, he explains.
"We are encouraging all manner of entities to seek improving security overall, and the CHISL is one methodology where you can make sure that whomever is manning your security is taking care of it," Marsh says.
In the interview (see audio link below photo), Marsh also discusses:
- The individuals within a healthcare organization who are potentially candidates for pursuing a CHISL credential;
- How the new professional credential is crafted for the healthcare sector;
- Other efforts planned by CHIME and AEHIS to help bolster the education of healthcare security leaders.
Marsh is a certified emergency nurse and certified healthcare CIO. In 2016, he supported the Healthcare Industry Cybersecurity Task Force writing its report to Congress on the state of the healthcare industry's cybersecurity posture and the resulting imperatives to improve the industry security overall. As an 18-year Army officer, Marsh is involved with supporting the modernization of the Department of Defense and Veteran's Administration electronic health records in the role of Military Health System GENESIS solution owner in the DoD's Defense Health Agency, health informatics.