The Security Scrutinizer with Howard Anderson

Creating a Culture of Security

Techniques for Motivating Staff to Do the Right Thing
Creating a Culture of Security

Clever motivational techniques can play an important role in making sure patient privacy is protected and in creating a corporate culture that values security.

See Also: Live Webinar | Adapting Firewalls and Proxy Gateways in the Zero Trust Era

Henry Ford West Bloomfield Hospital , a 191-bed Michigan facility that opened in 2009, has the latest and greatest information technologies. But it's also turning to creative awareness-building techniques to help ensure patient data is secure.

In a Feb. 23 session at the Healthcare Information and Management Systems Society Conference in Las Vegas, Amy Wang, the hospital's director of information services, explained that security is "owned" by a council comprising representatives of all departments. "Security belongs to all of us because it's part of taking care of the patient," she stresses.

Four times a year at unannounced times, members of the council conduct "security rounds," walking through every department looking for security issues. For example, they look for passwords posted on sticky notes, devices left unattended with information displayed, as well as other problems.

Council members prepare a report, which is shared with all department managers and senior executives, including the CEO. As a result of the effort, department managers now feel a sense of competition, striving to get the best report, Wang says. "They want to look good."

Thumb Drive Trade-In

In another effort to help carry out its policies, such as a requirement to use only encrypted thumb drives, the hospital created an "I Comply" program. For example, the hospital set up tables in various departments where staff could turn in an unencrypted drive to receive an approved, secure drive.

These steps, and others like them, are designed to create a culture of security that supports breach prevention.

"Privacy and security has to be part of the culture and not just something that's tacked on and just is seen as a barrier," says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT.

Other hospitals and clinics should follow Henry Ford West Bloomfield Hospital's example and go beyond implementing the right policies and technologies - and routine training - to create a culture of security. Sometimes, a dose of creativity can go a long way.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.