As Vice President, Chief Information Security Officer for Option Care Health, Jill Rhodes is passionate about protecting patients’ health information. That starts with fostering a culture of security, a mission that, for her, extends far beyond her job.
Jill compares information security to seatbelts. When laws were first enacted many people grumbled about the hassle. Today, most wouldn’t think of driving off without first putting on the seatbelt. It’s become ingrained in our culture.
“We need to build a very similar culture for information security so that everyone in their daily lives thinks, ‘Am I going to give everyone my credit card over the phone? Did I check that I’m sending the information to the right person? Should I email that personal information?” she said.
Earning industry recognition
Her efforts to create a culture of security at Option Care Health have not gone unnoticed. She was named 2019 Chief Information Security Officer of the Year in Chicago by the Association of Information Technology Professionals, ISACA, FBI-InfraGard, Information Systems Security Association (ISSA) and the Society for Information Management (SIM). She believes she was chosen due to her strategic and holistic (including governance, process, technology and people) approach to health information security.
For example, at Option Care Health, Jill and her team built an ambassador program, in which every Option Care Health location has an information ambassador. These are not IT folks, but infusion therapy nurses, pharmacists and office managers; in other words, those who don’t work in the world of IT, but are affected by it.
“They’re in the field providing infusion services and the more my team and I can share with them, the more we can get this vital information about protecting ourselves and our patients out there to everyone,” she said.
The ambassadors speak monthly to other employees at their locations to provide tips and advice. It’s a grassroots trainer-trainee model that has been successful at Option Care Health. Jill saw benefits of this model in the past as well when she was working with the federal government supporting democratic development in other countries. As a Foreign Service Officer, she educated students about multiparty elections and how to vote. The students would then tell their parents, spreading the knowledge and value of voting.
From national security to patients’ private health information
Her holistic worldview and commitment to creating a culture of security comes from an astounding breadth and depth of life experiences. She worked in international development in Bolivia and Russia as a diplomat and helped people transition to multiparty democracy in Eastern and Southern Africa. Jill has worked for the State Department, Department of Homeland Security, the Department of Defense and the CIA. She was a member of the Senior National Intelligence Service, has a law degree, volunteers with the American Bar Association, and runs the security committee at her temple. Jill has also written for and edited several books on security.
During her work with the federal government, she saw the data and security perils firsthand, but realized the biggest risk lay in the economic risk to the private sector created by cyber incidents. As a result, she resigned from federal service and moved to the private sector.
Improving cyber security at the office and at home
The culture-building is working, says Jill, who notes people now regularly send her emails that don’t look right or tell her their stories of family members being scammed via a simple click of the mouse.
When people ask her what they can do to improve their own security, her standard advice is:
- Educate yourself about threats that exist and how to protect your (and your family member’s) information
- Know what to do when something happens – and it will. The right response is critical
- Talk about experience and technological issues – from phishing emails you’ve received to how to update your devices – with friends, family and coworkers
“Our team members work with patients daily and my role is to help us all protect this information and reduce our risk – not just at Option Care Health, but in every facet of our lives.”