Author Name: Patrick Ouellette
The shift from a training message that is solely tied to HIPAA regulations to a substantial patient care and safety focus is easier said than done. Despite the challenge involved with this type of undertaking, Jim Noga, Vice President and CIO of Partners Healthcare, and CISO Jennings Aske have seen success in concentrating on why they’re securing patient data, as opposed to only a strict regulatory approach.
Noga said that resonates this type of message resonates with staff members because they can identify with moving from a regulatory discussion toward reminding them that the conversation is about providing better patient care and protecting them as members of our staff, not just arbitrary rules meant to complicate clinical processes.
Dr. Gary Gottlieb [President and CEO of Partners HealthCare] talked during Privacy and Security week at Partners about the importance of patient privacy and security and how it needs to become part of our culture. In addition to all the technology, people need to think about it. No matter how you batten down the hatches in healthcare, the unencrypted laptop makes the press. And a lot of that is based on people’s personal behavior.
Aske added that Partners has seen a better response from clinical staff since shifting that conversation. He admitted that he used to be very regulatory-focused, but the proverbial light went on when he was talking with a clinician during a potential incident.
We dodged a bullet, so to speak, but the clinician said “Wow, if this had happened I wouldn’t be able to deliver care.” That’s the message. And I think our clinical leadership really gets that message. Privacy and security are supporting the business goals of the organization and that mission is resonating.
Managing security at Partners
With the new message in mind, there are certain innate concerns that are part of securing patient data across a large network such as Partners that owns a number of organizations of different sizes and with different needs. Noga has expressed worry in the past about the IT security at stand-alone community hospitals, knowing the investment that Partners had made in them. New threats arrive daily and Noga said there are instances where he’s not sure what happens in these other environments, where there’s just not the capacity to address privacy and security the way it needs to be addressed.