The role of healthcare CIO: evolution from past to future

By Jon McGettigan, Senior Director, Australia, New Zealand & South Pacific Islands at Fortinet

The healthcare industry has seen remarkable developments through the years, and so have the roles of healthcare chief information officers (CIOs) in Australia and abroad, all thanks to digitalisation. We are fortunate to be living through the fourth industrial revolution, where the world is racing on the wheels of technology that has enabled the world’s largest taxi firm, Uber, to own no cars; the world’s most popular media company, Facebook, to create no content; the world’s most valuable retailer, Alibaba, to carry no stock; and the world’s largest accommodation provider, Airbnb, to own no property.

The world we live in is changing at an exponential pace, and so is the healthcare sector, which has become an intricate ecosystem of different networks comprising a wide variety of connected devices and moving data, networks that weren’t always this open in the past. As a result, the role of the healthcare CIO has had to expand and adapt. As networks expand and connected devices permeate the healthcare landscape, the CIO will continue to play an increasingly important role in an institution’s success.

The journey of evolution

In the past, the CIO’s job description lacked clarity and essentially revolved around broader technology-manager functions, including main tasks such as keeping up with network security, configuring devices, and resolving any access issues. Data in healthcare systems once flowed at a sluggish pace, and while there were simple server issues that demanded attention, outside threats hadn’t become a reality. The rise of interconnectivity and the demand for accelerated access to patient and medical data changed that.

The onset of the My Health Record system in Australia, under the My Health Records Act 2012, improved the quality and safety of health-data management. The My Health Record system, previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record, is the Australian government’s digital health record system, which contains online summaries of an individual’s health information.

The digitisation of products and processes, however, has dramatically changed the roles of today’s healthcare CIOs, who now oversee the management of a constant flow of sensitive information between departments, hospitals, doctors’ offices and suppliers, while keeping critical medical devices online. The protection of this information plays a direct role in maintaining the integrity of healthcare institutions and is therefore critical to the CIO’s responsibilities.

Due to the sensitive nature of medical data, the healthcare industry has been a bit slower to join in on the technology takeover that other industries have experienced. According to a report by McKinsey and Company, most pharmaceutical and medical-technology companies are digital laggards compared with companies in travel, retail, telecommunications and other sectors. Other reasons for this, apart from data security, are: limited understanding of implementation strategies for new technologies across complex product and service lines; a shortage of native digital talent; and too little focus on digital topics from senior leadership.

To make the leap to an electronic healthcare system seamlessly, CIOs need to ensure that an adaptive security infrastructure designed to handle and defend it is in place. When networks and data aren’t properly secured, not only will there be no improvement in the quality or cost of healthcare, but healthcare systems will also continue to be a preferred target for cybercriminals.


By taking a comprehensive approach to digitisation, healthcare companies can deliver products and services more quickly, boost innovation in the industry, and hold down costs. With this increased scope of digitisation and potential cybersecurity threats, it is reasonable to expect that CIOs will need to continue the trend of establishing themselves as key executives with the power to make decisions that could alter the institution’s future. The CIO will be expected to blend advanced technology and services while building a team of tech professionals and an integrated and adaptive security infrastructure that is prepared to adapt to increasingly sophisticated and complex threats. In this role, they will be the ‘point person’ on everything pertaining to system data, system security and analytics.

With Fortinet Solutions for Healthcare, including the highly adaptive Fortinet Security Fabric, the challenge of data security can be alleviated. The role of the healthcare CIO has been evolving at the same rapid pace as the technology that is driving the healthcare sector forward, and will not slow down any time soon. It’s imperative that they choose and adopt a security strategy that is designed to evolve along with them.