Creating a Culture of SecurityTechniques for Motivating Staff to Do the Right Thing
Clever motivational techniques can play an important role in making sure patient privacy is protected and in creating a corporate culture that values security.
Henry Ford West Bloomfield Hospital , a 191-bed Michigan facility that opened in 2009, has the latest and greatest information technologies. But it's also turning to creative awareness-building techniques to help ensure patient data is secure.
Security belongs to all of us because it's part of taking care of the patient.
In a Feb. 23 session at the Healthcare Information and Management Systems Society Conference in Las Vegas, Amy Wang, the hospital's director of information services, explained that security is "owned" by a council comprising representatives of all departments. "Security belongs to all of us because it's part of taking care of the patient," she stresses.
Four times a year at unannounced times, members of the council conduct "security rounds," walking through every department looking for security issues. For example, they look for passwords posted on sticky notes, devices left unattended with information displayed, as well as other problems.
Council members prepare a report, which is shared with all department managers and senior executives, including the CEO. As a result of the effort, department managers now feel a sense of competition, striving to get the best report, Wang says. "They want to look good."
Thumb Drive Trade-In
In another effort to help carry out its policies, such as a requirement to use only encrypted thumb drives, the hospital created an "I Comply" program. For example, the hospital set up tables in various departments where staff could turn in an unencrypted drive to receive an approved, secure drive.
These steps, and others like them, are designed to create a culture of security that supports breach prevention.
"Privacy and security has to be part of the culture and not just something that's tacked on and just is seen as a barrier," says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT.
Other hospitals and clinics should follow Henry Ford West Bloomfield Hospital's example and go beyond implementing the right policies and technologies - and routine training - to create a culture of security. Sometimes, a dose of creativity can go a long way.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.