Q&A with CISO Dan Bowden, Part 1: “We’re Going to Come Out Better on the Other Side.”

“As a CISO, you need to think about what’s in it for the business.”

With that statement, Daniel Bowden confirmed what many industry experts have already recognized: that the CISO position – much like the CIO – has evolved significantly in recent years. It’s no longer just about keeping information secure (and, consequently, keeping patients safe); it’s about introducing solutions in a way that can help enable the business without interrupting clinical workflow.

During a recent interview, Bowden talked about the unique challenges facing information security leaders as health systems battle Covid-19, the opportunities that exist to create better relationships with users, and what he believes are the keys to maintaining a solid security strategy. He also talks about the valuable lessons he learned while serving in the US Air Force, why he believes mentoring is so critical, and what he believes sets Sentara apart from other organizations.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Key Takeaways



* Telemedicine isn’t just about improving patient care; it also helped conserve PPE by enabling physicians and nurses to communicate with patients from outside of their rooms.

* The security team at Sentara was one of the first to transition to remote work, and as a result, played a key role in providing training to other departments.

* The biggest challenges in having a large remote team are getting patches deployed, facilitating collaboration, and setting realistic expectations.

* With fraud incidents on the rise, CISOs should be focused on “better identity solutions, better identity proofing, and a transportable digital identity that will be leveraged across business use cases.”

* By enabling second-factor authentication verifications and doing behavior-based access control up front, security leaders are able to “remove friction later.”





Q&A with Dan Bowden, Part 1

Gamble:  Is your team working from home at this point?

Bowden:  Yes. Anyone in our IT organization who isn’t focused on patient care, or directly supporting those who do — meaning they need to go into a hospital to perform their duties — is working from home. The Commonwealth of Virginia set some pretty tough and important safety guidelines for employers, and the way our IT building is laid out, it’s impractical to try to bring 900 people back while figuring out how to adhere to the rules.

 

Gamble:  How did the transition go in terms of setting up digital health capabilities?

Bowden:  It’s interesting; we had already started work in 2018 on a new comprehensive capability for telehealth that was integrated with our EHR and with our mobile app. We have mobile apps for our patients and our health plan members. The challenge is always in the adoption of new technology.

Covid-19, although it is a tragedy, has shone a light on our capabilities for telehealth. Whereas in January of 2020 we were seeing about 200 to 300 telehealth visits per month, by April it was up to 60,000 per month, and we didn’t have to build anything new for that. We had the capability; we were just waiting for someone to use it.

At that time, before we knew what we know now about equipment and PPE, there was a huge concern about conserving PPE. That’s where telehealth came in. It wasn’t just for patients being able to see providers from their homes — it was now being used within facilities to conserve PPE. If a nurse or doctor can speak to the patient from the nurse’s station or out in the hallway using an iPad, that helps conserve PPE and lower the consumption rate...