HEALTHTECH: How does attending the CHIME23 Fall Forum benefit you and your organization?
MURO: What I find most valuable at CHIME is connecting with healthcare CIOs regarding a wide range of topics impacting technology leaders. I also collaborate with non-healthcare CIOs in our unique and innovative Silicon Valley community. It’s intriguing because we all have the same issues and pressures, even in very different industries. I value networking because you often can find a solution to a problem when checking in with your peers either in industry or out of industry. At CHIME, they are bringing healthcare CIOs together to build relationships and support each other. I enjoy the educational sessions at CHIME and the opportunity to meet with our vendor partners during focus groups. We’re talking to them about how they can help us and, at the same time, we’re learning about future plans and roadmaps for their product offerings. I find CHIME a great time of networking not only with peers, but also our vendor partners in which we share what is top of mind for all of us. This type of collaboration is so critical for leaders in the healthcare technology area.
I appreciate the education, networking and the digital health checkups that we’ve done through CHIME to understand how well we’re doing to transform healthcare. CHIME offers the Digital Health Most Wired survey, which provides healthcare organizations feedback regarding what they are doing well in addition to key areas for improvement. In fact, we’re developing goals right now for my team, and I’m reviewing the survey results and identifying, “Where were our gaps? Where were our areas of opportunity? Let’s use this information to create a focus for improvements within the next year.” So, it’s been very beneficial in many ways.
HEALTHTECH: Can you give some background about El Camino Health and why cybersecurity is so important for the organization?
MURO: We were one of the first hospitals in the country to implement an electronic health record, over 50 years ago. As we’re in the heart of Silicon Valley, Lockheed Martin approached us in 1969 to develop this platform together. We worked with them for several years to design a computerized physician order entry system, which back in those days was unheard of. We overcame many challenges to implement this leading-edge platform in 1972. We also have Fogarty Innovation Institute on our Mountain View campus, demonstrating that passion for innovation is in our organizational DNA.
Due to our location in the Silicon Valley, we’re taking care of high-tech patients who have higher expectations of the care that they receive. They really understand how technology should work and how innovation is so critical.
We are pressured in many ways to meet those demands. While innovation is wonderful, it also is an area where we must spend time assessing cyber risk. As we’re thinking about new technologies, it’s critical that we’re validating vendor capabilities to protect the health information of our patients. How will we be able to protect the data of our patients and make sure that while we’re innovating, we’re also ensuring that we’re doing this in a very safe and secure manner?
HEALTHTECH: What are some of the biggest cybersecurity challenges that healthcare leaders face today?
MURO: One of the most challenging aspects of our job is the fact that healthcare is expected to keep up with the latest and the greatest cybersecurity tools and technologies, but some of our vendor partners providing the products and services that we use don’t always stay up to date.
Medical devices must go through a very lengthy FDA approval process, and by the time they get through that process, they often experience challenges with keeping components such as operating systems supported to meet patching requirements. They must manage the balance between making sure that a product or service has completed the very stringent approval process, and keeping their product up to date within the life cycle process. As we’re all in this new world of frequent updates for operating systems, these vendors are tasked with keeping their products up to date and yet making sure that they meet those FDA requirements. It’s an ongoing challenge for some of the firms and the organizations providing the technology we rely upon.
We’re constantly working with those partners to keep their technologies and systems up to date. It’s something that we’ve had to really push and encourage. I’m seeing a difference in the market. The FDA has played a part in that piece with some of the medical equipment devices, but it’s so critical with healthcare that not only are we providing the latest products and services but we’re also making sure that they have the latest cybersecurity technology and protections in them. Therein lies the challenge: We’re building the plane while we’re flying it. It’s critical that our eyes are focused on both fronts: innovation and protecting the organization.
HEALTHTECH: How is the evolving cybersecurity landscape impacting your role as CIO?
MURO: It’s important that we make sure we have great partnerships with companies that can help protect us. We form those great relationships and there are many new tools and technologies that are also critical.
I meet with partners, we talk about what technologies they provide, and I make sure that we’re really taking advantage and optimizing those systems, which is so important. We additionally have the responsibility to demonstrate resiliency. How do we make sure that we have redundancy in our technology? How do we make sure that we can take care of patients no matter what comes our way? That’s really what the role of the CIO is today: to make sure that we’re prepared and ready for whatever might occur in the future.
HEALTHTECH: How would you recommend other healthcare IT leaders approach risk management to keep their organization secure?
MURO: We have put in place an opportunity for any staff member to raise their hand when they feel that there is a risk in the organization. Years ago, when the airline industry was having some real issues with safety, it enabled a high-reliability approach in which any team member could stop a plane from taking off. This meant any employee on the tarmac raising a concern was taken seriously if they noticed a safety issue. We’re trying to instill that same thought process, that anyone can raise a concern which will be reviewed and addressed. We have put in place the capabilities for communication, documentation and remediation of safety concerns which are tracked and monitored within a risk register.