Five Questions With: Anthony Siravo

Anthony Siravo is vice president and chief information security officer for Lifespan Information Services.
 / COURTESY LIFESPAN
Anthony Siravo is vice president and chief information security officer for Lifespan Information Services. / COURTESY LIFESPAN

Anthony Siravo was recently named Lifespan’s vice president and chief information security officer. Charged with ensuring that Lifespan’s information technology security infrastructure complies with best practices and government regulations, Siravo will serve as a principal member and facilitator of Lifespan’s information security oversight committee.

PBN: Lifespan hired you shortly after bringing Dr. Cedric Priebe on to serve as senior vice president and chief information officer. How do your responsibilities differ from those of Dr. Priebe?
SIRAVO:
Dr. Priebe is responsible for the smooth management and execution of vital technologies that run the organization. My responsibility, as chief information security officer, is to ensure that Lifespan’s information assets are adequately protected. I am the process owner for all activities related to the confidentiality, integrity and availability of Lifespan’s systems and data and I oversee all the regulatory and compliance requirements, such as the payment card industry and the Health Insurance Portability and Accountability Act. I collaborate with executive management to determine Lifespan’s strategies, appropriate risk management, mitigation protocols and technology applications.
PBN: You have extensive information security experience, but not in the medical industry. What aspects of your work experiences will be especially relevant to working in this specialized field?
SIRAVO:
I have direct experience providing technology solutions for medication administration, specimen collection, patient identification and remote patient monitoring. I have helped support medical supply chain protocols, reduce overall health care cost, automate management systems, track patient progress and improve the responsiveness of dozens of health care providers. In addition, I have been involved in delivering technology security tools that enhance clinical performance and improve the delivery of care.
Hospitals and health care locations that share the same technologies … are in critical need of an extraordinary level of security. I have managed the security for hundreds of locations and business units, and have product security experience from the vendor side of the house. The same products and security controls are found in Lifespan’s hospitals.
PBN: What information security issues are unique to a hospital network system? How do you plan to address them?

SIRAVO: Information security risks and issues are the same across business and hospital network systems. The same processes and technology solutions apply for both; what’s different are the data that must be protected and the types of devices used. At Lifespan, protected health information is the most sensitive data; medical devices are the most sensitive types of equipment.
PBN: Your charge is to ensure that Lifespan’s IT security infrastructure is in compliance with the industry’s best practices and government regulations. How will you ensure that Lifespan stays abreast – or ahead – of the moving target of best practices?
SIRAVO:
Security organizations increasingly have access to lots of intelligence, but they don’t usually have the tools and processes to act on it. Business and security administration functions must have established partnerships to act proactively on intelligence to stay ahead of the always-moving security target. Our focus will be on raising awareness and building a security and risk-conscious culture with a shared sense of purpose. Enabled with the correct knowledge and tools, Lifespan will always be precisely aligned to execute predictive and proactive approaches. With our operations and security personnel working together, Lifespan will remain on the cutting edge of the constantly changing security landscape.
PBN: What do you envision as your key challenges in the first 60 or 90 days of coming on board, and how do you plan to address them?

SIRAVO: I am assessing Lifespan’s security program, including its current threat landscape and risk posture, and I have implemented mitigating controls to determine where we are with respect to the industry’s best practices. In addition, I will conduct a very thorough gap analysis and risk assessment by collaborating with all the key stakeholders and technology users. By leveraging the diversity of needs, opinions and priorities, we will ensure the successful development, launch and continual evolution of our information security strategy going forward.

- Advertisement -

No posts to display