Meet Our Member: David Finn, CISA, CISM, CRISC

Health Information Technology Officer

David Finn, CISA, CISM, CRISC, is the recipient of the Board of Directors Service Award, which recognizes the dedication and achievements of those individuals who have just completed their term of service on the HIMSS board.


Finn is the health information technology officer for Symantec. Prior to that role, he was the chief information officer and vice president of information services for Texas Children’s Hospital, one of the largest pediatric integrated delivery systems in the United States.  He also served as the privacy and security officer for Texas Children’s Hospital.  Finn spent seven years as a healthcare consultant with IMG/Healthlink and PwC, serving last as the executive vice president of operations for Healthlink.

He has 30 years of experience in the planning, management and control of information technology and business processes.  Finn is focused on enabling operating efficiency and deriving business value through the optimization and control of technology. His key skills include IT governance and control, project management, systems selection and implementation, business and IT partnering, and IT audit, control and security.

Finn holds a bachelors degree from the University of North Dakota, Grand Forks, and a masters degree from Angelo State University, San Angelo, Texas. In addition to having served on the national board of HIMSS, he serves on the board of Houston Healthcare for the Homeless and is a member of the Information Systems Audit and Control Association and is currently on the Privacy and Security Committee of HIMSS.


HIMSS: How did you become involved with HIMSS?

Finn: I became involved with HIMSS back in the early 1990s.  First, I attended local chapter meetings, which were fun and educational.  I was with a consulting firm at a local provider working on what we called then the CbPR project, or computer-based patient record.  It was suggested that we participate in the HIMSS’ Annual Conference. I provided a poster presentation with our client, and I learned the power of networking during the annual conference.  It was fun to offer our experiences to providers who hadn’t come as far as us; we shared lessons we’d learned, and things to avoid, but it was especially beneficial to talk to people who were more advanced than us.  They told us what was coming next, how to organize projects, who could be champions, how to structure the project and problems we could anticipate.


HIMSS:What has been the most rewarding aspect of your involvement with HIMSS?

Finn: There is no doubt that the best part of HIMSS is the people you meet - the friends, the connections and the knowledge and resources you have access to.  I do a lot of speaking now at HIMSS and other educational events, and I always try to incorporate HIMSS in some way.  I’m fond of saying that HIMSS is like life, you get out of it what you put into it.  The more you give, the more you get back.


HIMSS: Please describe some of the milestone events in your career.

Finn: I’d already been in systems audit and IT as an “application developer” for about 10 years in government and higher education, when I received a call from one of the big pediatric hospitals in Houston.  They had just put in a new billing system on a VAX cluster.  I was managing the accounting, billing and collections systems, but they wanted someone who could audit the billing system on a VAX.  It was an excellent opportunity.

Taking the position was my move into healthcare, and my first major milestone. The next milestone was going to work with a niche healthcare consultancy called IMG (Insource Management Group), founded by Rod Canion, who had previously started a computer company called Compaq.  I eventually began working for Ivo Nelson and Dana Sellers. I left this company to learn “Big Eight” consulting, so I gained international experience at a large company.  By then, the Big Eight was down to six.  I went back to IMG, which soon became Healthlink. Both tours at IMG/Healthlink were very special times, milestone number three for me.

Milestone number four was becoming one of the first privacy officers in healthcare, in 2001, still two years from privacy compliance. I was back in the provider space, but in an area new to healthcare, which was privacy and security.

Milestone number five was becoming an accidental CIO. It was never in my career plan, but it was great fun and a very intensive seven-year learning experience.

The current milestone began in 2009, when I joined Symantec in a new role the company created for me, health IT officer. The position is still developing, but represents a deep commitment to the industry by a technology leader that has been in healthcare for many years. Symantec wants to understand this industry, fit into it and make sure a unique business undergoing great change is getting the needed attention from a technological perspective in privacy, security, compliance, IT control and management.  Additionally, Symantec brings industry leadership in some other areas critical to healthcare, such as availability and storage and in the emerging areas of cloud and mobile.


HIMSS: What are the most notable changes you’ve seen in the field of health IT over the course of your career?

Finn: I think most of the changes I’ve seen and been through are really a pre-cursor, they have set the stage for the changes we’re about to see. Health IT is in the midst of a perfect storm.  Healthcare and information technology are two huge industries in the throes of changing their business models, how they deliver what they do. Both areas are developing a new focus on what it is really all about - data and people.  Everything I’ve seen from the old CbPR project to the iPad, to cloud computing, to meaningful use will drive us to using data in new ways at anytime, from anywhere, on any device.  In healthcare, this will be a two-way street.  Devices connected to patients at home, while they travel, as they go about their daily business will populate their EHR and allow physicians and analytics tools to monitor, alert and help care for patients continuously. The advances being made in genomics and proteomics will allow this type of care to be completely individualized, making the security of the data and the authenticity and rights of the person providing or using the data critical.


HIMSS: What advice would you give professionals just entering the healthcare or IT field?

Finn: You are, without a doubt, at the best time and place in the history of both medicine and technology to begin a career.  Learn as much as you can.  Do become an expert but don’t get stuck in a silo.  Understand that technology is a tool, not an end.  Know how to work with people, design processes that support people in doing their job.  Recognize that technology that impedes patient care not only won’t work, it could be dangerous.  Remember, we are all here (from the healthcare side and the IT side) to take care of patients.  Try new things, but don’t use technology for technology’s sake. Make sure new technology has been well thought out, well planned, and always, have a fall back plan in place.