Chief Information Security Officer
Darren Lacey Will Oversee Handling of Confidential
Medical, Student and Employee Files
An enormous amount of sensitive information is generated each day within The Johns Hopkins University and The Johns Hopkins Health System, from student and employee data to medical records, in paper documents and electronic files. To make sure this information is collected and stored in a safe and secure manner, Johns Hopkins has appointed Darren Lacey to serve as chief security officer/information security policy coordinator for the university and the health system.
In his new role, Lacey, a university employee since February 2000 who currently is executive director of its Information Security Institute, will draw on his training as an attorney and as an information technology specialist.
"This will be a complex position," Lacey said. "There's a lot of new privacy and security legislation that Hopkins is required to comply with, including several regulations dealing with student information and medical records. The idea of this position was to coordinate the ways we protect our information, whether it's being stored or transmitted. We need to maintain the privacy of this material and at the same time make sure we have a strategy in place to recover the data in case some type of electronic problem or property loss occurs."
Lacey, a 38-year-old Baltimore resident, will report to Stephanie L. Reel, chief information officer for the university and the health system.
"Darren is uniquely qualified to provide leadership in this complex area," Reel said. "His appreciation for the law, for technology and for institutional values is rare and valued."
Lacey, who assumed his new post Oct. 1, believes Hopkins already is doing a good job of protecting its information. He pointed out that Johns Hopkins' networks held up better than those of many other universities and corporations during the recent flurry of computer virus attacks.
At the same time, he said, one of his key challenges will be to make sure all offices of the university and the health system are coordinating information security rules and procedures.
For the first year or more, Lacey will focus much of his energy on new Health Insurance Portability and Accountability Act security requirements, coordinating his activities with the Johns Hopkins Medicine HIPAA Office, reporting to Joanne Pollak, general counsel for Johns Hopkins Medicine. He will work with Carol Richardson, the Johns Hopkins Medicine HIPAA privacy officer, to ensure that the institutions are compliant with these regulations across the enterprise.
He also will be responsible for the safe and secure handling of paper and electronic data at the Homewood campus, East Baltimore medical campus, Johns Hopkins Bayview Medical Center, Howard County General Hospital and other Johns Hopkins locations.
"I'll be making recommendations about privacy and security regarding our files and records," Lacey said. "Security is what allows privacy to take place. If I leave patient records or confidential student files open and unattended on my desk, I'm not securing privacy for these materials. If I use faulty passwords that make it easy for someone to break into our computer system, that can compromise privacy, too."
In his new role, Lacey will confer with attorneys for the university and the health system, as well as their information technology staffs. He comes to the job with a 1990 law degree from Harvard, a 1986 B.A. degree in philosophy and mathematical logic from Baylor University, and extensive experience in electronic data systems. But because of the size and diversity of Hopkins' operations, he expects to have his hands full during the coming months.
"There will be a great coordination challenge here at Hopkins because this is such a large and far-flung institution," Lacey said. "My job will be to help people work together on information security matters."
Lacey expects to retain his affiliations with both the university's Information Security Institute and Enterprise Development Office but not in day-to-day management roles.