- People & Culture
Why an engaged workforce enhances security in healthcare customer service
In the digital age, organizations continually face the challenge of preparing their teams and organizations to defend themselves against cyber attacks, including hacking, phishing scams, ransomware and malware, which can put their businesses and customers at risk.
For the healthcare industry, the threat of a data breach hits especially close to home. According to the HIPAA journal, in 2021, an average of almost two healthcare data breaches of 500 or more records was reported each day. Attacks are consistent and costly.
The reality is, employees are often the weakest link when it comes to cybersecurity. To protect sensitive patient data at all times and continue to provide the efficient and personalized customer service experience consumers expect from your brand, healthcare companies must create a culture that prioritizes privacy and security compliance. This starts with hiring the right people and extends to training employees and keeping your workforce engaged.
The Patient Experience: Optimizing customer service for better health outcomes
Discover patient experience trends and best practices for today’s healthcare leaders.
Look for security awareness, and train your staff well
A report conducted by MediaPro, a security awareness and compliance training company, found that 70% of employees, including those working for healthcare companies, aren’t currently prepared to prevent a cybercrime. These workers were categorized as either a “risk” or a “novice” with regard to cybersecurity, and even “exhibited behaviors that put their organization at risk of a privacy or security incident.”
Implementing the necessary security measures in the workplace starts with who — and how — you hire. During the interview stage, try to gauge candidates’ knowledge on issues like safe email usage and patient data protection. Integrating cyber-risk management best practices into the onboarding process is also an important step toward safeguarding your company.
To protect your patients’ sensitive healthcare information, all employees who handle patient data should be trained and certified on the Health Insurance Portability and Accountability Act (HIPAA), whether by using resources offered by the U.S. Department of Health and Human Services, or by hiring a third-party organization to run a compliance training and certification program.
Prioritize information governance and employee education
A report from the Healthcare Industry Cybersecurity Taskforce stated that responsibility for healthcare cybersecurity has traditionally fallen to a company’s IT department. However, that isn’t the case anymore. “Information governance…should include not just IT and security stakeholders, but also information stakeholders,” the organization wrote.
The American Health Information Management Association (AHIMA) agrees. “Our stance is that you have to have information governance,” says Diana Warner, former director of Informatics, Information Governance and Standards with AHIMA. “You need to know where your clinical and non-clinical information is kept, how you capture it, where you store it, how long you keep it and who your data stewards are.”
Answering these questions — an important step to improve the customer experience and protect consumers from digital fraud — falls to senior management. AHIMA advises companies to conduct a risk analysis of their existing system and destroy outdated patient records. It also encourages the encryption of all employee laptops and the establishment of a personal devices policy as employees’ phones, tablets and computers can be gateways to a cyber attack if used to tap into your corporate network.
On the employee training front, team members should be taught to follow best practices like keeping their software up to date. “Patching software falls under the IT umbrella, but sometimes software is purchased through another source, and your workforce should know to check with the IT department about patches and fixes,” Warner says.
Educating staff about email phishing scams can also minimize the chances of a breach. “You really need to stress with employees not to click on something if the URL is suspicious, the domain’s misspelled or the logo doesn’t look quite right. It’s safer not to click and check in with the IT department if they think the email is important,” she explains.
Boost employee loyalty by keeping your staff engaged
Verizon’s Data Breach Investigations Report shows that 28% of data breaches involve employees. “The malicious attacks are really going to be the hardest to prevent,” Warner says, noting that companies should make sure employees know their online activity is being monitored, and immediately cut off access to sensitive material if a staff member has been terminated. Encouraging employees to anonymously report suspicious activity is also a smart strategy for keeping attacks at bay.
Another factor to consider for avoiding internal breaches is to keep your employees engaged and happy. When employees feel valued, and that their employer is investing in their well-being, they will be less likely to commit fraud and more likely to report it. The resulting loyalty is crucial to the long-term security of healthcare companies.
The effectiveness of this approach can be observed at TELUS International, where a recent survey conducted by Kincentric revealed an industry-leading 80% employee engagement score. The superior performance and business ownership mindset that accompanies these results stems from a commitment to surrounding team members with what matters most to them — inspiring workspaces, onsite daycare and health clinics, subsidized post-secondary education, volunteer opportunities and extended benefits for family members. Removing all opportunities for cyber crime is a must, but an engaged workforce has the added benefit of reducing the chance that an employee is tempted to commit fraud.
Delivering a better customer experience by protecting patient data in an age when data security isn’t a guarantee is tricky. But by hiring the right people, offering ongoing education and training for employees, and providing engaged workplaces, healthcare companies can ensure they’re prepared to defend themselves — and their customers — against cyber crime.