Privacy and IT security need to work in lockstep, and doing so gets a lot easier when they’re led by the same person. That’s exactly what happened at UChicago Medicine (UCM) in September when Chief Privacy Officer Karen Habercoss assumed the additional role of CISO.
A Unique Perspective on Leadership
Beginning her career as a clinical social worker within the Department of Psychiatry at UCM, Habercoss later transitioned to compliance, serving at the Joint Commission, before returning to UCM in 2016 as a Privacy Officer.
Reflecting on this evolution, Habercoss remarked, “I’ve had the privilege of observing various organizational structures—privacy within compliance, security within IT, and now, privacy and security under one umbrella. This integrated approach enhances our ability to align efforts effectively and mitigates the inefficiencies of siloed operations.”
The Imperative for Integration
In numerous health systems, privacy and security functions are frequently compartmentalized, resulting in inefficiencies and communication barriers. Habercoss explained the necessity of integration. “Privacy and security teams share the ultimate objective of protecting patients, data, and the institution. However, differing terminologies and perspectives can obscure communication and pose challenges,” she said.
At UCM, the current structure facilitates close collaboration while maintaining the distinct roles of each team. Habercoss identified five critical themes essential to fostering successful partnerships between privacy and security functions:
- Cross-Functional Alignment: Ensuring alignment between departmental goals and priorities is paramount. “Ambiguities in role delineation or responsibilities can lead to conflict. Effective collaboration requires a shared understanding of both systemic and departmental objectives,” she noted.
- Operational Understanding: Gaining insight into the day-to-day responsibilities of each team enhances efficiency and reduces redundancies. “It is crucial to invest in understanding each other’s workflows to ensure decisions are comprehensive and well-informed,” she emphasized.
- Team Dynamics: Establishing trust and transparency is foundational. Drawing upon her social work experience, Habercoss observed, “Fragmented trust undermines collaboration. Fostering strong relationships and shared accountability is essential to achieving common goals.”
- Organizational Culture: Institutional values play a pivotal role in shaping the integration of privacy and security efforts. “When organizational culture disproportionately prioritizes cybersecurity, privacy teams may feel undervalued. Unified training and governance strategies can bridge these gaps,” she highlighted.
- Regulatory Responsibilities: The evolving regulatory landscape adds another layer of complexity. “The expansion of privacy regulations to encompass employees and consumers demands adaptive strategies. Established cybersecurity frameworks can serve as valuable models for privacy initiatives,” Habercoss explained.
Habercoss emphasized that aligning privacy and security efforts with the broader goals of the institution is vital. Through fostering collaboration, UCM ensures that both teams contribute cohesively to the protection of critical information and the support of organizational objectives.
Strategic Leadership and Influence
Habercoss’ approach to leadership places a strong emphasis on strategic alignment and influence. “While titles confer authority, the ability to create value and align initiatives with institutional priorities is far more consequential,” she remarked.
Habercoss underscored the importance of comprehending an organization’s strategic priorities—be it growth, risk mitigation, or other imperatives—and tailoring privacy and security strategies to support these aims. “Achieving objectives often involves presenting options that balance institutional risk tolerance with viable outcomes,” she explained.
Trust, Habercoss noted, is integral to cultivating productive relationships with leadership. “Delivering consistent results and maintaining transparency regarding challenges are key factors in earning trust. Over time, these efforts establish a solid foundation for collaboration,” she asserted.
Preparing for Future Challenges
As privacy and security teams contend with escalating regulatory demands and evolving threats, the ability to adapt and collaborate becomes increasingly indispensable.
Proactive communication with leadership is a cornerstone of Habercoss’ approach, particularly when presenting risks and recommendations. “The objective is to equip decision-makers with the necessary information to evaluate risks and make informed decisions. Trade-offs are inevitable, and my role involves ensuring that our strategies align with the institution’s vision while mitigating potential risks,” she stated.
Habercoss articulated her guiding philosophy: “Ultimately, our mission is to protect what matters most—our patients, data, and institution. Success in this endeavor demands that we listen, learn, and lead with unity.”