AEHIS Names Erik Decker 2019 Health Information Security Innovator of the Year

PHOENIX, AZ, Nov. 4, 2019 – Erik Decker, the chief information security and privacy officer at University of Chicago Medicine, faced a daunting task in 2017 when he was asked to serve as the industry lead and co-chair of the 405(d) Task Group. His job, along with government lead and co-chair Julie Chua, was to bring a diverse mix of more than 150 healthcare and cybersecurity experts together to develop and draft a cybersecurity toolkit. Not just any report but a consensus-based report that organizations of any size could use to strengthen their cybersecurity posture.

In 2018, the 405(d) Task Group released Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, or HCIP. The four-part document offers straightforward, consensus-based guidelines, best practices and methodologies that peers say is innovative in its reach, simplicity and long-term impact on the healthcare industry. It aligns with key regulatory and framework guidance, too, allowing for seamless implementation. The HHS 405(d) Task Group is still active, with new materials due out at the end of the year and a brand new resource on the scale of HCIP slated for 2021.

Decker’s innovative approach is considered a model that others can use to build consensus, consolidate insights and produce a practical resource for a diverse group of users. His achievements have earned him the Association for Executives in Healthcare Information Security’s (AEHIS) inaugural Health Information Security Innovator of the Year title. The award was announced today at the AEHIS Fall Summit in Phoenix.

“AEHIS is ecstatic that Erik Decker has been selected as the organization’s Innovator of the Year,” said Carter Groome, chair of the AEHIS Education and Professional Development Committee. “Erik’s selfless leadership and contribution to the 405(d) HICP publication stands to benefit the healthcare community and consumers at large. By providing clear and practical, sized-based counsel to health executives and security practitioners dedicated to reducing risk, Erik’s contribution is truly innovative.”   

Decker currently is a member of the Executive Council of the Healthcare Sector Coordinating Council’s Joint Cybersecurity Working Group. He served as the chair of the AEHIS Board in 2018, AEHIS Board vice chair in 2017 and chair of the AEHIS Public Policy Committee in 2017. He has provided testimony to a congressional subcommittee,  participated in two roundtables held by congressional staffers that focused on medical device security and has been a presenter at conferences hosted by AEHIS, the College of Healthcare Information Management Executives (CHIME, which launched AEHIS in 2014) and other professional associations.

“I have had the privilege to work with many talented cybersecurity leaders, both in the private sector and in government,” Decker said. “We all are constantly learning, sharing and innovating to stay ahead of bad actors. It is an honor to be recognized by my peers, and to be named AEHIS’ very first Health Information Security Innovator of the Year.”

The Association for Executives in Healthcare Information Security (AEHIS) was launched in 2014 to provide an education and networking platform to healthcare’s senior IT security leaders. With nearly 900 members, AEHIS is advancing the role of the chief information security officer (CISO) through education, collaboration, exchange of best practices and advocacy in support of secure health information for the protection of both healthcare organizations and consumers. For more Information, please visit


The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs) and other senior healthcare IT leaders. With more than 2,800 members in 51 countries and over 150 healthcare IT business partners and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit


Candace Stuart
Director of Communications and Public Relations, CHIME
[email protected]