Published on: August 11, 2014
HITRUST and Southern Methodist University invest in strengthening the role of the healthcare CISO with new graduate program
HITRUST, in partnership with Southern Methodist University’s (SMU) Cox School of Business, today announced the first Healthcare Information Security and Technology Risk Management Graduate Certificate Program. This new program was founded to address the evolving role of Chief Information Security Officers (CISOs) and Chief Technology Risk Officers (CTROs) within healthcare organizations by providing security and risk professionals the industry-specific skills and competencies lacking today and needed to advance into these senior leadership positions. With the rise of digital risks throughout healthcare organizations, these gaps in talent are proving more troubling than technical gaps.
A high-profile faculty of professors from SMU’s Cox School of Business and Lyle School of Engineering will lead and govern the new program, as well as selected adjunct professors representing CISOs, CIOs and other senior-level executives from leading healthcare companies. Please see details regarding program leaders and oversight committee members below.
The exploding volume of sensitive electronic information in the healthcare industry, coupled with the need for instant access to information across devices and geographies, has magnified cybersecurity threats to these organizations. In fact a privacy breach on the scale of retailer Target’s is anticipated, according to health information security experts. At the same time, regulatory compliance scrutiny and fines as well as competitive pressures to innovate in a fast-paced digital economy are increasing. This risk environment is evolving at a much faster pace than security teams can keep up. As a result healthcare organizations are being forced to redefine and expand and structure of the CISO and CTRO role and the demand being placed on those executives who occupy the position, creating a gap between the demands of the job and the skills by those holding the positions. Yet the resources and formal programs available to help mature and enhance the skills have not been available.
This trend parallels predictions by security industry analysts. In fact, By 2017, 1/3 of large enterprises engaging in digital business will have a Digital Risk Officer or equivalent according to Gartner .
“Digital Risk Officers (DROs) will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk,” wrote Paul Proctor et al., vice president and distinguished analyst at Gartner. “Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role as we are defining it.”
The Healthcare Information Security and Technology Risk Management Graduate Certificate Program addresses the major lack of relevant curriculum to develop these complex roles as well as a lack of relevant credentials that prospective employers can use to identify candidates. Unlike other certificates and courses today that are primarily basic or technical, the program addresses the gap for healthcare-specific information security technology, leadership and business-level management paths. Individuals passing the exam will receive a certificate in Healthcare Information Security and Technology Risk Management (CHISTRM).
The curriculum will span a range of topics including:
- Information technology and security challenges in a healthcare environment
- How to create a culture of security and privacy
- IT leadership and dealing with privacy and ethics issues
- Impact of industry, state and national regulations and policies
- Economics of information security and risk management
- IT security within business processes, and the IT infrastructure
- Project management
- Risk assessment and management methodology
Classes will be held quarterly at SMU starting in October 2014. Admission to the fellowship program will be based on nomination by the applicant’s senior management (CIO, CISO, etc.). Individuals interested in participating will also have to complete an application, meet the minimum education and experience requirements in information security and IT management and computer science. For more information on the program or the application process please visit: https://hitrustalliance.net.
- Amit Basu Ph.D. – Professor, Carr P Collins Chair in MIS, ITOM Dept Chair
- Fred Chang – Director, of SMU Lyle’s Darwin Deason Institute for Cyber Security, Bobby B. Lyle Centennial Distinguished Chair in Cyber Security Professor
Program Oversight Committee
- Sharon Finney – Corporate Data Security Officer, Adventist Health System
- Erick Rudiak – Vice President and CISO, Express Scripts
- Robert Booker – Vice President and CISO, United Health Group
- Jon Moore – Vice President and CISO, Humana
- Roy Mellinger – Vice President and CISO, WellPoint
- Michael Wilson – Vice President and CISO, McKesson
- David Muntz – Senior Vice President and CIO, GetWellNetwork
- Pamela Arora – Senior Vice President and CIO, Children’s Medical Center
- Patrick Joyce – Vice President, Global IT, Chief Security and Privacy Officer, Medtronic
- Jorge D. DeCesare – Vice President and CISO, Dignity Health
- Ray Biondo – Divisional Senior Vice President and CISO, Health Care Service Corporation
- Michael Pinch – Chief Information Security Officer, University of Rochester Medical Center
“Healthcare is a risk-sensitive, information-driven endeavor. The digitization of data across the healthcare continuum raises concerns about security and privacy. This new certificate program will provide an opportunity to share insights and experiences that will help those who have newer and broader responsibilities prepare the increasingly complex healthcare enterprise for the future.”
—David S. Muntz, CHCIO, FCHIME, LCHIME, FHIMSS, SVP & CIO, GetWellNetwork
“Successful healthcare industry CISOs in today’s connected digital economy need not only technical expertise but also business knowledge, to work effectively with CXOs on increasingly critical information security and risk management issues. That is the focus of the CHISTRM program.”
—Amit Basu Ph.D., Professor, Carr P Collins Chair in MIS, ITOM – Dept. Chair
“New regulations tied to the Affordable Care Act are now in effect regarding protected health information and electronic health records, which only underscores the need for data security to ensure privacy among patients. Cyberspace can be a pretty bad neighborhood, with too few barriers standing between hackers and their targets. Healthcare providers recognize that data security is of vital importance to their business.”
—Fred Chang, Director of Darwin Deason Institute for Cyber Security Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security at the Lyle School of Engineering, SMU
“HITRUST is engaged with all types and sizes of organizations in the industry and has substantial insights into their information protection practices and the impact a properly educated and trained information security leaders can have on the organization. The industry needs to invest in the CISOs and CTROs of the future to ensure the protection of vital information assets and systems, and maintain consumer confidence.”
—Daniel Nutkis, CEO, HITRUST
About SMU Cox
SMU’s Cox School of Business, originally established in Dallas in 1920 and named in honor of benefactor Edwin L. Cox in 1978, offers a full range of undergraduate and graduate business education programs. Among them: BBA, Full-Time MBA, Professional MBA (PMBA), Executive MBA (EMBA), Master of Science in Accounting, Master of Science in Business Analytics, Master of Science in Entrepreneurship, Master of Science in Finance, Master of Science in Management, Master of Science in Sport Management, as well as Executive Education and multiple certificate programs. The SMU Cox international alumni network includes chapters in more than 20 countries.
SMU is a nationally ranked private university in Dallas founded 100 years ago. Today, SMU enrolls nearly 11,000 students who benefit from the academic opportunities and international reach of seven degree-granting schools.
The Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information privacy, risk and security leaders, has established a number of programs to support any and all organizations that create, access, store or exchange personal health and financial information. HITRUST is supporting the industry through its framework, assurance program, cyber center, risk management tools, education and leadership. It is also driving the widespread confidence in the industry’s safeguarding of health information through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.
All product and company names herein may be trademarks of their respective owners.