Information Security Officer (ISO)

From Clinfowiki
Jump to: navigation, search

An information Security Officer (ISO) has the responsibility of protecting PHI and PII that is electronically stored or transferred by implementing and monitoring compliance with organization policy.

An information Security Officer (ISO), sometimes called the Chief Information Security Officer (CISO) has the responsibility of information and information technology security, including protecting PHI and PII that is electronically stored or transferred by implementing and monitoring compliance with organization policy.

Introduction

According to AHIMA, “The security officer is responsible for the design, oversight, and ongoing management of the information security program, including policies, procedures, technical systems, and workforce training in order to maintain the confidentiality, integrity, and availability of data within all healthcare organization information systems. The security officer role addresses electronic systems architecture and functionality as it affects safeguards of protected health information (PHI) and business information assets.” Source: http://www.ahima.org/downloads/pdfs/resources/securityofficerjd.pdf

The ISO is often a separate department from the main information technology group as to provide unbiased jurisdiction over IT activities. The ISO also has the responsibility to keep up with industry standards (such as HIMSS) and national standards, such as the (HIPAA, for information security.

See Chief medical informatics officer (CMIO)