Headlines at Hopkins: news releases from across
university Headlines
News by Topic: news releases organized by
subject News by Topic
News by School: news releases organized by the 
university's 9 schools & divisions News by School
Events Open to the Public (campus-wide) Events Open
to the Public
Blue Jay Sports: Hopkins Athletic Center Blue Jay Sports
Search News Site Search the Site

Contacting the News Staff: directory of
press officers Contacting
News Staff
Receive News Via Email (listservs) Receive News
Via Email
Resources for Journalists Resources for Journalists

Virtually Live@Hopkins: audio and video news Virtually
Hopkins in the News: news clips about Hopkins Hopkins in
the News

Faculty Experts: searchable resource organized by 
topic Faculty Experts
Faculty and Administrator Photos Faculty and
Faculty with Homepages Faculty with Homepages

JHUNIVERSE Homepage JHUniverse Homepage
Headlines at Hopkins
News Release

Office of News and Information
Johns Hopkins University
3003 N. Charles Street, Suite 100
Baltimore, Maryland 21218-3843
Phone: (410) 516-7160 | Fax (410) 516-5251

October 6, 2003
CONTACT: Phil Sneiderman
(410) 516-7907

Johns Hopkins Names New
Chief Information Security Officer

Darren Lacey Will Oversee Handling of Confidential
Medical, Student and Employee Files

An enormous amount of sensitive information is generated each day within The Johns Hopkins University and The Johns Hopkins Health System, from student and employee data to medical records, in paper documents and electronics files. To make sure this information is collected and stored in a safe and secure manner, Johns Hopkins has appointed Darren Lacey to serve as chief security officer/information security policy coordinator for the university and the health system.

In his new role, Lacey, a university employee since February 2000 who currently is executive director of its Information Security Institute, will draw on his training as an attorney and as an information technology specialist.

"This will be a complex position," Lacey said. "There's a lot of new privacy and security legislation that Hopkins is required to comply with, including several regulations dealing with student information and medical records. The idea of this position was to coordinate the ways we protect our information, whether it's being stored or transmitted. We need to maintain the privacy of this material and at the same time make sure we have a strategy in place to recover the data in case some type of electronic problem or property loss occurs."

Lacey, a 38-year-old Baltimore resident, will report to Stephanie L. Reel, chief information officer for the university and the health system.

"Darren is uniquely qualified to provide leadership in this complex area," Reel said. "His appreciation for the law, for technology and for institutional values is rare and valued."

Lacey, who assumed his new post Oct. 1, believes Hopkins already is doing a good job of protecting its information. He pointed out that Johns Hopkins' networks held up better than those of many other universities and corporations during the recent flurry of computer virus attacks.

At the same time, he said, one of his key challenges will be to make sure all offices of the university and the health system are coordinating information security rules and procedures.

For the first year or more, Lacey will focus much of his energy on new Health Insurance Portability and Accountability Act security requirements, coordinating his activities with the Johns Hopkins Medicine HIPAA Office, reporting to Joanne Pollak, general counsel for Johns Hopkins Medicine. He will work with Carol Richardson, the Johns Hopkins Medicine HIPAA privacy officer, to ensure that the institutions are compliant with these regulations across the enterprise.

He also will be responsible for the safe and secure handling of paper and electronic data at the Homewood campus, East Baltimore medical campus, Johns Hopkins Bayview Medical Center, Howard County General Hospital and other Johns Hopkins locations.

"I'll be making recommendations about privacy and security regarding our files and records," Lacey said. "Security is what allows privacy to take place. If I leave patient records or confidential student files open and unattended on my desk, I'm not securing privacy for these materials. If I use faulty passwords that make it easy for someone to break into our computer system, that can compromise privacy, too."

In his new role, Lacey will confer with attorneys for the university and the health system, as well as their information technology staffs. He comes to the job with a 1990 law degree from Harvard, a 1986 B.A. degree in philosophy and mathematical logic from Baylor University, and extensive experience in electronic data systems. But because of the size and diversity of Hopkins' operations, he expects to have his hands full during the coming months.

"There will be a great coordination challenge here at Hopkins because this is such a large and far-flung institution," Lacey said. "My job will be to help people work together on information security matters."

Lacey expects to retain his affiliations with both the university's Information Security Institute and Enterprise Development Office but not in day-to-day management roles.

Johns Hopkins University news releases can be found on the World Wide Web at http://www.jhu.edu/news_info/news/
   Information on automatic e-mail delivery of science and medical news releases is available at the same address.

Go to Headlines@HopkinsHome Page