HealthCare Too Discusses the Importance of Having an Incident Response Plan in Place

HealthCare Too Discusses the Importance of Having an Incident Response Plan in Place

Tim Perry

CIO and Co-Founder

HealthCare Too


Bryan Kaiser

Founder and President


To listen to the podcast, click here!

CIO of HealthCare Too, Tim Perry, discusses the importance of having an incident response plan in place. 

Hello, and welcome to the comSpark podcast, where you will get to meet today's technology thought leaders. To learn more, visit

BK: We are here today with Tim Perry, who is the CIO and Co-Founder at HealthCare Too. HealthCare Too is an organization based in Columbus, Ohio that focuses on a consumer platform for holistic health. My name is Bryan Kaiser. I'm the President and Founder of Vernovis, and also part of the executive host committee at comSpark. I will be your guest moderator today, so let's get started. Tim, thanks for your time.

TP: My pleasure, entirely!

BK: Appreciate you coming in. So, let's get right into it. What would you recommend to a company that has no security or governance plan? Where do you start?

TP: The biggest way to start, the best way to start, is with an incident response plan. Uh, too often we look at security and governance and we think only technology. We think technology solutions, we think, you know, processes that end up just sitting on the shelf. If we think about an incident response plan, you know, every business, every day has a number of incidents that threaten it. It could be active shooters, it could be a weather phenomenon, it could be some type of a key person misconduct. When we think more holistically about what it is that we need to do to protect the business, it's no longer about a data breach or a hacker incident. And so this allows companies to start thinking across all the functions – not just what IT can do, but what legal does, what marketing does, what sales, what operations, and all of those functions coming together and having a cohesive, coherent plan to deal with any incident.

BK: So, once you have an incident response plan in place, where do you go from there?

TP: You practice it. It is vital that once you…if you develop the world's greatest incident response plan and never exercise it, never make sure that people who are accountable for it know that they are accountable for it and what they have to do, you know, when it actually comes time to execute this, who's going to contact the news outlets? Who's going to contact, you know, shareholders, who is going to contact, the, uh, you know, the employees and tell them what they have to do in order to continue to work? Or what, if there's going to be missed work? All those types of things have to be done. From an IT perspective, there are a number of protocols that need to be in place – how to preserve data to make sure that, uh, you know, you can use it in legal proceedings. So, all of those aspects have to be done together as one cohesive plan that everyone in the business has a share in owning it.

BK: So, so in essence, this is no different than having a disaster recovery plan that you practice –  a fire drill. If there's a fire, what do you do and where do you go and how do you handle it? Or if there's a weather incident or, or anything. I mean it's, you have a plan and you need to know what it is, need to establish it and you need to practice it.

TP: Absolutely. When we have snow days in Central Ohio, it's vital that people know where they're going to go to get updates, what the decision criteria are going to be whether to call it a snow day or not, by what time those decisions have been made – that's a great example. Uh, so as we face more and more incidents, you know, especially in a global economy that is getting more and more tightly knit together, we have to be able to address incidents that we may not have even imagined 20 years ago.

BK: I agree. So, what do aspiring IT leaders need to do to prepare themselves for the next step?

TP: Ah, one of my favorite questions. Probably the most important thing for IT leaders is to forget that they are IT leaders. They are business leaders. Their role is to deliver business results. They may specialize in technology, but no different from a CFO or a Chief Marketing Officer or what have you. Their role is to be a business executive, to be a business leader. Now, they need to learn to think holistically across the various platforms of technology. You cannot be the world's greatest application developer and a good business executive IT leader, whatever term you like, but they have to learn to think about the application, the data center, the training required to roll that application out. So, anyone who's in a technology role today must think about the, all the technologies, whether they're in-house, whether they're outsourced, technologies that are coming, changes that are coming, and then working very closely with all their business counterparts. Actually, I hate that term, business counterparts. They are, you know, people in other parts of the business. IT is just another part of the business, uh, working holistically across all of those facets. No more silos within IT. No more IT as a silo.

BK: You know, someone recently described it to me as this: IT used to be the central nervous system of a company. It's the, it's the computers and, you know, do I have access to a phone and, you know, where do I go to get my email and all of this. And now, it's becoming more of the heartbeat of the company.

TP: That's an interesting way to look at it. Uh, I wrote a book a few years ago called “IT at the fork in the Road: From Support to Service,” because IT had always looked at rolling out the next technology project, and then putting it into a support mode. And it's no longer like that because it's, IT itself may not even deliver your, what's, what the business is using. They may have to branch out and work with third parties like Facebook and Amazon, uh,  Expedient and so on. So, there's no reason for IT to see itself as this as a silo. It is the heartbeat that really does power the organization. But, you know, just because it pumps the blood to the lungs, the lungs have a role. So, you have to understand what that is also. So, it is very important that, that IT has that relationship with all the other parts of the, of the business. It is, again, just another part of the business.

BK: You know, I recently heard the CIO of Kroger speak at a, at a conference, and he went as far to say, “We are not a grocery company anymore. We are a technology company that happens to sell groceries.” What are your thoughts around that?

TP: He's absolutely right. It’s that, when I started the conversation, I said that it's not about being an IT leader, it's about being a business leader. You know, there isn't…you cannot be an IT leader in this day and age. You have to be a business leader, you have to understand your business, you have to understand whether a technology that you, that you want to introduce will make a useful impact and whether you're going to be able to introduce that, monitor it, management, uh, handle the changes for it. Uh, it's really, it's, it's absolutely vital that we understand, across the spectrum, what it’s going to do for the business, and then what parts of it that need to be done in-house, what it means to be outsourced, what products already exists, what technologies are already on the horizon. There's a complete enterprise architecture view that has to accommodate what the business wants to achieve. If all you're doing is implementing a technology today to deal with a today business problem, you're not being a business leader. You need to look at what technologies exist, what process improvements exist, to where the business wants to go, and be that partner that helps enable that.

BK: So, Tim, I have one more question for you.

TP: Sure thing.

BK: How do you see technology changing in the next three years?

TP: In the next three years, it will continue to be this never-ending tsunami of new technologies and, uh, you know, different, you know, different vendors and so on, on the landscape. But, more importantly is what will happen from the unintended consequences. What will happen socially, technically, economically, politically, as all of these technologies – you know, whether it's artificial intelligence and machine learning or whether it's, you know, more, more work into the cloud or whether it's, you know, new security paradigms – all of these things are going to happen, and they will, they will bring with them a number of unanticipated, unintended consequences.

Uh, so, for example, some great ones are going to be, uh, internet of things will produce a huge amount of data that has to be collected, brought back into the, the organization, has to be stored, has to be manipulated, you know, so that requires changes in applications, changes in data centers, changes in storage. So, it's what we don't understand that's going to be coming in. So, everyone who works in technology, who works in the business, needs to understand what that can look like for their organization, but more importantly, how they're going to respond quickly to when there are unexpected risks or opportunities.

BK: What do you think all of these changes will mean to you and your business?

TP: For HealthCare Too, we're really excited. Because these, these are opportunities for disruption. We see that the current, you know, sick care system really needs to change to accommodate, uh, chronic illnesses, which are 80 percent of what we spend. And many consumers are becoming more active than, you know, they don't want to wait until they have a huge insurance bill. They went to become more proactive. They want to, uh, you know, buy some products that will replace the processed foods that they're currently eating. They want to learn meditation and mindfulness exercises – Tai Chi, Chi Kung and so on. So, we want that platform. And as more people are seeing through social media, and as more people are seeing through videos and so on, that there are other avenues than waiting until they're sick and then receiving care – this is a great opportunity for HealthCare Too.

BK: Couldn't, couldn't agree with you more, and I feel like we could unpack this for days, quite honestly. We could keep going on this conversation

TP: I would be happy to come back!

BK: That'd be great! But unfortunately, our time has run short. But thank you for your time today, Tim. Uh, this is Bryan Kaiser with Vernovis and Tim Perry with HealthCare Too. To learn more about us, please visit, and we'll see you next time.

To learn more about sponsorship opportunities for 2019, contact Michelle Ziegler at

Related Stories

No stories found.
CDO Magazine