Thank you for your interest in AEHIS, the Association for Executives in Healthcare Information Security. The online application process should take only a few minutes to complete.

Membership Dues*

Membership in AEHIS is in an individual’s name and is non-transferable and non-refundable. Dues will be charged upon acceptance into AEHIS – you will have an opportunity to pay via our online portal, by check, or over the phone.

  • Free for CHIME and CHIME Affiliate members*
  • $164 for AEHIS membership

*As the highest-ranking IS/IT executives at a healthcare provider or payer, CHIME members are eligible for complimentary membership in AEHIS and its sister organizations, AEHIT and AEHIA. Membership in the affiliated associations will be concurrent with CHIME membership; should a member wish to retain an AEHIS, AEHIT or AEHIA membership but allow their CHIME membership to lapse.

**Security leaders who also perform applications or technology-specific functions for their organizations would qualify for inclusion in CHIME’s affiliated associations, AEHIT or AEHIA. If you are interested in becoming a member of multiple associations, please include relevant details pertaining to your job skills and scope in your membership application and we will continue to process your membership application without delay. If you have questions about necessary qualifications, please contact [email protected] for more information.


Membership Criteria

Membership in AEHIS is targeted for those principally in charge of healthcare information security at a payor or provider facility. While those who qualify will generally be the Chief Information Security Officer (CISO) or the highest ranking executive responsible for information security, those in charge of security for major divisions and/or regions of large corporate or integrated delivery systems will also be considered for membership.

The healthcare community will include delivery systems, payer/insurance organizations, and other healthcare-related organizations. Because of the rapidly changing healthcare landscape, these criteria serve as primary guidelines, which may evolve as industry and IS strategies change.

Employment Criteria

  1. Health Services Delivery Organization(s)
    1. Hospital/Acute Care
    2. Medical Groups (e.g., PPOs, Group Practices)
    3. Long Term/Extended Care
    4. Home Health Care/Hospice/Long-term Care
    5. Public Health Care Agencies (providing direct care services)
  2. Healthcare Payer/Insurance Organizations
    1. Insurance
    2. HMO
  3. Management Service Organizations & Other Healthcare IT Related Organizations
    1. Organizations related to healthcare IT but whose primary business does not include selling memberships, OR selling hardware, software or consulting services to healthcare leaders.
    2. Qualified organizations normally provide or are otherwise linked to direct patient care. Such organizations may include: radiology groups, disease management companies, RHIOs, state or federal government agencies and state hospital associations.
    3. If an organization has multiple business units, 50%+ of the organization’s primary business must meet the above noted membership criteria. For example, if 25% of an organization is dedicated to physician staffing but the remaining 75% of an organization is dedicated to IT consulting, the CISO from such an organization would not be qualified.


Job Responsibilities

  1. Highest ranking information security executive OR
  2. Regional, market area, or facility level security executive
    This person will normally be responsible for overall service delivery and budget accountability OR
  3. Contract CISOs (either employed by a consulting or vendor firm, or self-employed)
    1. If the security function of a health services delivery organization or a payer organization is outsourced, and there is no CISO employed by the organization itself, then that outsourced CISO (who may be an employee of a consulting or vendor firm, or self-employed) is eligible for membership. In this case, the outsourced CISO must be working full time as the CISO at the specified healthcare or payer organization.
    2. If the applicant or renewing member is self-employed (usually as a consultant) and actively looking for a permanent CISO role, he or she may continue with his or her membership for one year. To qualify as a self-employed CISO, the member cannot be on contract with a consulting firm, or have a paid staff of consultants OR
  4. Security executives who are not corporate CISOs but who have regional or facility-level security leaders reporting directly to them OR
  5. CHIME member in good standing OR
  6. Corporate Senior IT Executives. CHIME applicants who do not meet criteria 1-3 above may also be qualified to join. If the corporate Senior IT Executives are assessed to have a sufficient level of authority in their organization (using point-based criteria), they are entitled to full membership in AEHIS.


Reporting Relationship

Generally reports to CEO, COO, CFO or CIO of the delivery system.


Scope of Responsibility

  1. Has overall security responsibility. Additional duties may include telecommunications, medical records, management engineering, etc.
  2. Leads the security strategy for the organization, as evidenced by reporting relationship and committee involvement.
  3. Has a significant security organization.