Learn how engaged team members are the first line of defense against digital fraud in the healthcare industry.
Posted June 13, 2018
In the digital age, organizations continually face the challenge of preparing their teams to defend against cyber attacks, hacking, phishing scams, ransomware and malware, which can put their businesses and customers at risk.
For the healthcare industry, the threat of a data breach hits especially close to home. In 2017, nearly a quarter (24 percent) of all data breaches affected healthcare organizations, making them more targeted than hospitality companies, food-service companies and public-sector entities, as published in Verizon’s Data Breach Investigations Report. The report also found that for social attacks, which include email breaches, healthcare was the top industry impacted, second only to the public sector.
The reality is, employees are often the weakest link when it comes to cybersecurity. To protect sensitive patient data at all times and continue to provide the efficient and personalized customer service experience consumers expect from your brand, healthcare companies must create a culture that prioritizes privacy and security compliance. This starts with hiring the right people and extends to training employees and keeping your workforce engaged.
Look for security awareness, and train your staff well
A report conducted by MediaPro, a security awareness and compliance training company, found that 70 percent of employees, including those working for healthcare companies, aren’t currently prepared to prevent a cybercrime. These workers were categorized as either a “risk” or a “novice” with regard to cybersecurity, and even “exhibited behaviors that put their organization at risk of a privacy or security incident.”
Implementing the necessary security measures in the workplace starts with who — and how — you hire. During the interview stage, try to gauge candidates’ knowledge on issues like safe email usage and patient data protection. Integrating cyber-risk management best practices into the onboarding process is also an important step toward safeguarding your company.
To protect your patients’ sensitive healthcare information, all employees who handle patient data should be trained and certified on the Health Insurance Portability and Accountability Act (HIPAA), whether by using resources offered by the U.S. Department of Health and Human Services, or by hiring a third-party organization to run a compliance training and certification program.
Prioritize information governance and employee education
A recent report from the Healthcare Industry Cybersecurity Taskforce stated that responsibility for healthcare cybersecurity has traditionally fallen to a company’s IT department. However, that isn’t the case anymore. “Information governance…should include not just IT and security stakeholders, but also information stakeholders,” the organization wrote.
The American Health Information Management Association (AHIMA) agrees. “Our stance is that you have to have information governance,” says Diana Warner, director of Informatics, Information Governance and Standards with AHIMA. “You need to know where your clinical and non-clinical information is kept, how you capture it, where you store it, how long you keep it and who your data stewards are.”
Answering these questions — an important step to improve the customer experience and protect consumers from digital fraud — falls to senior management. AHIMA advises companies to conduct a risk analysis of their existing system and destroy outdated patient records. It also encourages the encryption of all employee laptops and the establishment of a personal devices policy, as employees’ phones, tablets and computers can be gateways to a cyber attack if used to tap into your corporate network.
On the employee training front, team members should be taught to follow best practices like keeping their software up to date. “Patching software falls under the IT umbrella, but sometimes software is purchased through another source, and your workforce should know to check with the IT department about patches and fixes,” Warner says.
Educating staff about email phishing scams can also minimize the chances of a breach. “You really need to stress with employees not to click on something if the URL is suspicious, the domain’s misspelled or the logo doesn’t look quite right. It’s safer not to click and check in with the IT department if they think the email is important,” she explains.
Boost employee loyalty by keeping your staff engaged
Verizon’s Data Breach Investigations Report shows that 28 percent of data breaches involve employees. “The malicious attacks are really going to be the hardest to prevent,” Warner says, noting that companies should make sure employees know their online activity is being monitored, and immediately cut off access to sensitive material if a staff member has been terminated. Encouraging employees to anonymously report suspicious activity is also a smart strategy for keeping attacks at bay.
Another way to avoid internal breaches is to keep your employees engaged and happy. The resulting loyalty is crucial to the long-term security of healthcare companies. “Without a doubt, team members are a critical element of a company’s first line of defense when it comes to ensuring privacy and security in the delivery of healthcare customer service,” says Pat Mallon, TELUS International’s vice-president of business development. “When employees feel valued, and that their employer is investing in their well-being, they will be less likely to commit fraud and more likely to report it.”
Mallon has seen the effectiveness of this approach firsthand at TELUS International where a recent survey conducted by Aon Hewitt revealed an industry-dominating 83 percent employee engagement score. The company also consistently achieves attrition rates up to 50 percent below the industry average.
The superior performance and business ownership mindset that accompanies these results stems from a commitment to surrounding team members with what matters most to them — inspiring workspaces, onsite daycare and health clinics, subsidized post-secondary education, volunteer opportunities and extended benefits for family members. Removing all opportunities for cyber crime is a must, but an engaged workforce has the added benefit of reducing the chance that an employee is tempted to commit fraud.
Delivering a better customer experience by protecting patient data in an age when data security isn’t a guarantee is tricky. But by hiring the right people, offering ongoing education and training for employees, and providing engaged workplaces, healthcare companies can ensure they’re prepared to defend themselves — and their customers — against cyber crime.