3 WHYs for HEALTHCARE INFOSECby Patrick Quirk
Healthcare organization are improving their information security practices, but it still lags behind other industries. This lag is often due to healthcare leaders not connecting how information security helps them achieve the organization's objectives. If you are struggling to make the case for investing in information security in your organization, consider how these three motivators may help you establish common ground with others in your organization.
1. Improve health outcomes
Those with a medical background typically having a passion for improving the health of others and prioritize healthy outcomes above all else for their organization. With data breaches now a daily occurrence and the rise of criminal organizations exploiting this data, it is not surprising that a survey by the publication Software Advice found 21% of patients withhold personal health information from their doctors due to data security concerns. This raises interesting questions about quality of care impacts if providers can obtain more information about their patients by removing concerns about the security of information provided.
This is just one aspect of the consumerization of healthcare trend, but it is one which information security can help address. Organizations will be more likely to have patients disclose potentially impactful details about their health when they improve patient confidence in how they will protect sensitive information. The never read, quickly signed and never looked at again HIPAA forms do little to nothing to gain the confidence of patients. Rather, organizations must align processes and procedures with security best practices, implement secure technology and include information security within marketing messages to move the needle on patient perceptions.
2. Ensure financially viable organization
Those with financial responsibility for the organization, such as CFOs, Administrators and Board Members, are often passionate about ensuring the organization has the financial standing necessary to thrive. Beyond the estimated $363/record cost of a data breach, the biggest information security related financial threat to organizations is that patients are actually changing provider decisions based upon news about data breaches. The Software Advice survey found 54% of individuals were very or moderately likely to switch providers after a security breach. Meanwhile, the Ponemon Institute found that patient churn is higher in organizations after a data breach.
Financial concerns typically boil down to risks and how those risks are addressed. These financial threats are growing on various fronts (regulatory, consumer, lawsuits, etc.) and as a result, we are seeing more healthcare organizations taking proactive approaches to these risks. If you have an information security related concern or idea for your organization, relating it to the mitigation of financial risk can be an effective means of obtaining buy-in from leadership.
3. Fight for good
The IT professional ranks are filled with individuals who believe in fighting the good fight. Many were drawn to the field by concepts of innovation, freedom, empowerment, and equality that technology can enable. Those in IT can sometimes be so motivated by the "Go Make IT Happen" spirit that important concerns such as information security can be viewed as barriers to progress rather than true requirements with additional opportunities for innovation.
Information security provides a plethora of IT opportunities and can be truly exciting component of projects, when aligned with the project objectives. When seeking buy-in from IT leadership or team members, consider how the challenges posed by achieving sound information security practices can align with project objectives and mirror personal motivations for problem solving, creativity and equality.
Do you need help establishing a culture of security within your orrganization? FOQUS Partners strives on helping organizations turn such strategic initiatives into reality. Contact us today to learn more.