Meet the Collective is our series highlighting the great people who make up Collective Health. Today, we’re sitting down with Brian Hanson, Chief Information Security Officer.
Where are you from?
I have been in California for a very long time but originally I am from Kansas City, Missouri.
What happened in your career that led you to Collective Health?
I have spent most of my career in tech, healthcare and insurance. Having experience in all three of those domains made Collective Health a perfect fit for the next step in my career. On a personal level, I was looking to join an organization that had an innovative culture, and could make a difference. Within healthcare, the challenges and risks tend to be higher, which makes the challenge of working at Collective Health all the more appealing.
What excites you most about where Collective Health is going?
Like most people who work at Collective Health, I was drawn to the mission. It’s important to me knowing the work I do has a positive impact on the lives of our members. Everyone you know has had struggles with healthcare—the complexity of it, the billing process, misaligned incentives, etc. My own personal experiences have made me wish I already was a Collective Health member!
What’s an example from your career that really showed to you that we needed to think about and approach healthcare differently?
My first time working at a healthcare company we had an incident that exposed more than 100 individual records. The root cause was a coding mistake by one of the engineers in our organization. The question became what do you do after something like that happens?
At most organizations, there’s a clear process to respond to this type of issue—a form letter, a media statement, a list of best practices. But this approach was objectively lacking in human touch, because it involved an individual’s “personal” data. We didn’t want to just do the industry standard. We decided to call every one of the affected members personally, explain our mistake, and assure them that if we could do anything to make the situation better, we would.
It was so personal—both the data that was exposed, and the way we decided to respond. Honestly, I think our approach made a huge difference. There was no legal action that followed the incident, and it further reinforced the importance of how healthcare is different and personal.
What’s one of the most important lessons you’ve learned in your career?
How you respond to an incident really matters. Bad incidents that are managed well can turn into a positive experience. Conversely, small incidents that are poorly managed can become much more damaging than necessary. It’s important to also use challenges as opportunities to assess whether you can do things better.
What’s your favorite thing to do when you’re not at work?
Three things: I love to garden, I use my Peloton a lot and I am a big Neil deGrasse Tyson fan. I’ve always been fascinated by astrophysics.
As a kid, what did you want to be when you grew up? How does that inform what you do today?
I’ve been doing cybersecurity since I was a kid, and it has always been my passion. This started in the early 1980’s when a friend of the family needed some QA (Quality Assurance) help with source code at a local gaming company. During that time, we learned that Warren Robbinett was putting the first easter eggs into video games, and we quickly realized that our role was the “last stop” before any game was shipped. If you look hard enough, you might find an easter egg or two written in some of the popular video games of that time.
Fun fact about me:
I’ve been on six continents with only Antarctica left, and I am a lifelong Nebraska Cornhuskers fan.
