Derek ChristopherThe CIO of a Midwestern healthcare management organization says security monitoring and awareness dominate his company’s IT priority list and how he helps his business open new revenue opportunities and find new growth areas.

Derek Christopher leads the IT department for Hines & Associates, Inc. (Hines), a healthcare management organization based of Elgin, Illinois with several small branches throughout the Midwest. He’s also a new member of our Midsize Enterprise Summit Advisory Board, where he’s driving content for our upcoming MES Spring 2018 event, which takes place later this month in Orlando.

He’s worked in IT for nearly a quarter-century. He joined Hines in 2004 as a network administrator. Four years later, he earned a promotion to director, overseeing all IT-based systems, infrastructure, and staff. In addition, due to his accounting background, he briefly oversaw accounting early in his career.

In these capacities, he has facilitated substantial cost savings while increasing the technology footprint within the Hines organization. Some of these initiatives include an organization-wide Citrix and thin client deployment, greatly augmented security measures and user education, and the creation of an online reporting tool that has significantly enhanced and streamlined customers’ access to their data.

We talked to Derek recently about the unique challenges he faces working in healthcare when it comes to IT, where he’s investing his IT dollars and what remains on his priority list for future years. Here are highlights from that conversation:

What unique challenges do you face in working in healthcare when it comes to IT?

Security awareness. As with other organizations, being susceptible to phishing and other forms of security attacks is a huge challenge. With the vast majority of my organization being comprised of nurses, that challenge becomes a bit more difficult as that is not their forte. 

Compliance with federal and state regulations. Due to us being a healthcare organization, we have to maintain our compliance with HIPAA, HITECH, and other regulations regarding the safeguarding, maintenance, and disposal of protected health information. These regulations change, often without notification, making it a challenge to maintain compliance.

Hacking for medical records. Healthcare records are high on the list for hackers due to the amount of exploitable information each medical record contains.

Where are you investing your IT dollars this year?

At least for the first quarter, we are investing more of our IT dollars into security. This is comprised of security monitoring tools and security awareness training for our users.

How has that changed from previous years?

We have slightly increased our spending in security when compared with previous years. However, the addition of security awareness training is significantly new – as this is our first instance at using outside resources to facilitate this crucial task. 

What remains on your priority list for future years that you can’t get to this year?

We have a few things that remain on our priority list: Hardware/software refresh; VoIP implementation; SD-WAN implementation

How important are things like BI, IoT, AI and security?

Security and BI technology are very important strategies for my organization. At this time, we are not able to take advantage of IoT and AI technologies. But, as we move forward into the future, that could change.

How are you helping your business open new revenue opportunities and growth areas?

We are using BI technology to gain more insight into trends and other information from the patient data we utilize and store. We into to offer this information to our customers potentially as a revenue-generating process. As well, we are implementing automation and other efficient methods and technology to lower costs across the organization.