Subscribe now to receive the new updates. 

ABOUT David Chou

David Chou is a healthcare industry leader in the digital space.  David is the CIO for Luye Medical Group (Cleveland Clinic Connected) while also serving as the VP, Principal Analyst of Silicon Valley based Constellation Research, Inc.  Chou has held executive roles with the Cleveland Clinic, Children's Mercy Hospital, University Of Mississippi Medical Center, AHMC Healthcare, Prime Healthcare, and is also advising many academic medical centers and healthcare start-ups.  

David is a dynamic keynote speaker and industry commentator working with clients to transform their business models using technology.  He has spoken around the world at healthcare tech-related conference including keynotes for leading industry events and intimate executive settings. Chou is also one of the most mentioned CIOs in the media and well quoted in outlets such as the Wall Street Journal, Modern Healthcare, HIMSS Media, ZDNet,, Huffington Post, and Becker's Healthcare.  David is an active member of both ACHE and HIMSS while serving on the board for CHIME. 

HHS is coming down hard on the fines!

November 7, 2019

The University of Rochester Medical Center (URMC) has agreed to pay $3 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.


#Chousangle - This is an area where, on the surface, it looks like an easy fix where every device such as a thumb drive and laptop should be encrypted. Encryption of the device is the easier part. The challenge comes down to setting up a security program, as stated in the correction action agreement.  


A third party consulting entity will conduct the risk analysis to identify the gaps. Once you have the gaps identified, the technical debt on the network infrastructure will be identified.  

    1. Will budgeted be allocated to support the next generation secured infrastructure or will the health system take 3-5 years on the infrastructure redesign and implementation, creating a constant state of hardware refresh? 

    2. Enterprise risk needs an organizational owner. Who is accountable for enterprise risk? This has to be the COO or someone leading operations and not the CIO.

    3. An important key area is to design a security program, including the right governance structure vs. checking off the box on the audit. 

    4. Will research institutions comply with the organization's security protocol?

    5. How will we hold employees accountable for failing to comply with the security guidelines? 


These are just a few notes off the top of my head. What are your thoughts?

Share on Facebook
Share on Twitter
Please reload


October 16, 2019

July 29, 2019

Please reload


Blockchain: a Healthcare CIOs’ View

August 28, 2018

Please reload


  • Grey Facebook Icon
  • Grey Twitter Icon
  • Grey Instagram Icon