How to Prevent Employee-Caused Data Breaches

INTRODUCTION

Security breaches in the healthcare industry are on pace for more than one per day, according to a recent report. What’s telling is that 9.2 percent of the breaches occurred through accidental email/internet exposure and 8.7 percent due to employee errors, an IT security company discovered.

It’s one thing to be targeted by hackers, but hospitals wanting to prevent healthcare data breaches need to eliminate the ones caused by staff.

Here’s how you can protect patient health information:

EDUCATE AND TEST HOSPITAL STAFF

Your hospital’s PR and IT departments must focus internal communications efforts on education and situational training, respectively.

For the PR team, regular communications (be it newsletters, intranet blog posts, presentations, quizzes and/or handouts) are important to engage staff and build a mindset in which security is at the forefront. You also need to make sure staff members achieve informed consent about safeguard processes (e.g. login authentication) that can be time-consuming or annoying, according to the Commonwealth Fund.

For the IT team, cybersecurity company Redspin says to test staff with phishing emails and phone calls. Supplement the training with posters, wikis and other items the staff can reference quickly.

With education and training, your hospital hopefully can avoid breaches such as the email scam that affected the nursing home chain American Senior Communities in Indiana.

MEASURE YOUR INTERNAL COMMUNICATIONS EFFORTS

You want to make sure your education and training efforts are working. Per our tips on internal communications measurement, you’ll need to start by measuring outputs. For example, are staff members viewing, sharing or engaging with your content? If not, you’ll need to revise your tactics.

Next, you’ll need to measure your outcomes. For example, is your IT department seeing that employees are clicking on fewer and fewer phishing emails? Are quiz scores meeting a certain threshold? If not, you’ll need to figure out why and then alter your messages accordingly.

Ultimately, you’ll know you’re succeeding if no breaches occur from the inside.