ABSTRACT

Chief Medical Information Officers (CMIOs) need to represent the interests of clinicians and patients by highlighting the negative impacts on patient care that would result from proposed privacy and security changes. The goal of the CMIO should be to help his or her organization find an optimal balance between the aspirations of collaborative, connected patient care and the risks of insider snooping and external cyberattacks. That balance is the point at which the aggregate risk to patient safety and quality, and to privacy and security, is lowest. CMIOs are critical players in security governance and decision-making, since they, often uniquely, understand the needs and perspectives of both clinical care and technology, and because they have knowledge and experience of how clinicians interact with information systems. CMIOs should consider privacy and security to be as core to their responsibilities as workflow, design, and clinical decision support.