HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
John Houston is vice president, information security and privacy, and associate counsel for the UPMC, a $11 billion health system headquartered in Pittsburgh, Pa. (www.upmc.com). In this position, he has broad accountabilities across UPMC, including accountabilities related to privacy, information security and legal matters associated with the acquisition, licensing and use of technology. Mr. Houston is responsible for the UPMC startup “CloudConnect”, a company that offers cloud-based IT services to healthcare providers. He is also an adjunct assistant professor in the Department of Biomedical Informatics in the University of Pittsburgh School of Medicine.
John has been significantly involved in UPMC’s compliance with the privacy and security provisions of HIPAA and the American Recovery and Reinvestment Act. He has testified twice before the United States Senate’s Health, Education, Labor and Pension Committee and once before the U.S. Senate Judiciary Committee. He has also spoken nationally and internationally on such topics as health care privacy and health care information systems.
John was also a member of the National Committee on Vital and Health Statistics (NCVHS) from 2002 until 2010. NCVHS is a public advisory body that makes recommendations to the secretary of the U.S. Department of Health and Human Services. As a member of NCVHS, Mr. Houston co-chaired the NCVHS Subcommittee on Privacy, Confidentiality and Security.
John completed his undergraduate studies in 1986 at the University of Pittsburgh and received a Bachelor of Science in Computer Science and History. Mr. Houston later attended the Duquesne University School of Law where he received his JD degree in 1994.
As vice president of privacy and information security, and general counsel for UPMC, an $11 billion integrated delivery network, John Houston focuses on “what’s going on today” but he’s equally concerned with “what do I have to worry about in 12 to 36 months related to security?”
Houston’s rolling three-year strategic plan harmonizes with UPMC’s overall business goals. It considers the organization’s strategic roadmap, and aligns security initiatives accordingly. Whether it’s moving to the cloud, endpoint security (how can we better connect and protect?), or vendor management, Houston’s strategic plan addresses “what we need to be successful.” He also reviews the plan regularly to realign priorities to meet the organization’s changing needs and to “get back on track” when necessary.
When it comes to security, Houston calls creating a strategic plan “an important concept,” and in this session, he’ll explain to attendees now to create a plan that meets organizational needs.
In this session, healthcare leaders discuss their organizations' journey to the cloud: What applications have they put in the cloud? What went well, what didn’t? Have the promised business and clinical benefits materialized? What cloud service providers do they use and why? What is their approach to securing data in the cloud and vetting vendors?
Speakers will discuss the good, the bad, and the ugly, and in the process give attendees deep insights into how best to develop their own cloud-computing strategy.