AEHIS Individual Membership

AEHIS membership is open to CISOs and senior security leaders at healthcare-related organizations. To facilitate collaboration and the development of stronger healthcare IT security leaders, AEHIS members are encouraged to refer other healthcare security executives as well.

Membership is only $149 annually!


Membership Criteria

Membership in AEHIS is targeted at those principally in charge of healthcare information security at a payer or provider facility. While those who qualify will generally be the Chief Information Security Officer (CISO) or the highest-ranking executive responsible for information security, those in charge of security for major divisions and/or regions of large corporate or integrated delivery systems will also be considered for membership.

The healthcare community will include delivery systems, payer/insurance organizations, and other healthcare-related organizations. Because of the rapidly changing healthcare landscape, these criteria serve as primary guidelines, which may evolve as industry and IS strategies change.

Employment Criteria

  1. Health Services Delivery Organization(s)
    1. Hospital/Acute Care
    2. Medical Groups (e.g., PPOs, Group Practices)
    3. Long Term/Extended Care
    4. Home Health Care/Hospice/Long-term Care
    5. Public Health Care Agencies (providing direct care services)
  2. Healthcare Payer/Insurance Organizations
    1. Insurance
    2. HMO
  3. Management Service Organizations & Other Healthcare IT Related Organizations
    1. Organizations related to healthcare IT but whose primary business does not include selling memberships, OR selling hardware, software or consulting services to healthcare leaders.
    2. Qualified organizations normally provide or are otherwise linked to direct patient care. Such organizations may include: radiology groups, disease management companies, RHIOs, state or federal government agencies and state hospital associations.
    3. If an organization has multiple business units, 50%+ of the organization’s primary business must meet the above noted membership criteria. For example, if 25% of an organization is dedicated to physician staffing but the remaining 75% of an organization is dedicated to IT consulting, the CISO from such an organization would not be qualified.


Job Responsibilities

  1. Highest ranking information security executive OR
  2. Regional, market area, or facility level security executive
    This person will normally be responsible for overall service delivery and budget accountability OR
  3. Contract CISOs (either employed by a consulting or vendor firm, or self-employed)
    1. If the security function of a health services delivery organization or a payer organization is outsourced, and there is no CISO employed by the organization itself, then that outsourced CISO (who may be an employee of a consulting or vendor firm, or self-employed) is eligible for membership. In this case, the outsourced CISO must be working full time as the CISO at the specified healthcare or payer organization.
    2. If the applicant or renewing member is self-employed (usually as a consultant) and actively looking for a permanent CISO role, he or she may continue with his or her membership for one year. To qualify as a self-employed CISO, the member cannot be on contract with a consulting firm, or have a paid staff of consultants OR
  4. Security executives who are not corporate CISOs but who have regional or facility-level security leaders reporting directly to them OR
  5. CHIME member in good standing OR
  6. Corporate Senior IT Executives. CHIME applicants who do not meet criteria 1-3 above may also be qualified to join. If the corporate Senior IT Executives are assessed to have a sufficient level of authority in their organization (using point-based criteria), they are entitled to full membership in AEHIS.

Reporting Relationship

Generally reports to CEO, COO, CFO or CIO of the delivery system.


Scope of Responsibility

  1. Has overall security responsibility. Additional duties may include telecommunications, medical records, management engineering, etc.
  2. Leads the security strategy for the organization, as evidenced by reporting relationship and committee involvement.
  3. Has a significant security organization.