American Association for Physician Leadership

Operations and Policy

Cybersecurity Tips for Smaller Hospitals Benefit Large Ones, Too

Fast Practice

April 17, 2019


Summary:

Learn some cyber security tips for small hospitals that will also benefit larger facilities.





Several breaches involve mistakes or malicious behavior, so all health care organizations can benefit from these suggestions.

Smaller hospitals have fewer resources than their larger peers to invest in information technology, particularly cybersecurity. However, they still need to meet the same basic standards as larger facilities.

It’s a dilemma pointed out in an article published recently in Health Data Management. Author Brian Stone brings up a few helpful reminders for community and regional hospitals to make the most of their IT security budget:

Monitoring cloud-based environments: By monitoring, smaller hospitals’ IT departments develop insight into how users interact with their applications, making it easier to secure and optimize their business systems.

Training and rewarding appropriate behavior: By training users on security and regulations, and creating a compliance culture, smaller hospitals can become more secure. It helps more if they sanction offenders while rewarding positive behavior.

Using a third-party security vendor: Using a third party takes an extra monitoring load off IT’s plate. Such vendors might also be able to train new employees, conduct ongoing educational sessions and tackle internal problems as they arise.

Of course, many health care organizations, large and small, fail to allocate enough of their budgets to these problems until they’ve had a severe breach. Several breaches involve mistakes or malicious behavior, so the kind of training advocated by Stone can be effective in both environments. (In other words, if all you must do is fight off the occasional outside marauder, the data assets may be more secure than you think.)

That said, creating a security-conscious culture takes not only training, but also time. It helps that many younger employees are exposed to data security just by being raised in an IT-connected generation. However, many workers will find security counterintuitive, so you need to get them on board. You want as many people as possible available to recognize when something bad occurs.

Put another way, it’s important to remember that IT security isn’t a one-off exercise, but rather something that needs to be embedded in the way people work, in much the same way as patient safety considerations are among clinicians. If you integrate security thinking into your team’s habits and workflow, you’re likely to accomplish a great deal.

Fast Practice

Stay current. Save time. Know more. Earn more.

Built on the journal club concept, expert editors critically select and summarize sixteen of the most valuable articles from the current literature - two articles on each of the most challenging practice management topics.
Fast Practice

Interested in sharing leadership insights? Contribute



For over 45 years.

The American Association for Physician Leadership has helped physicians develop their leadership skills through education, career development, thought leadership and community building.

The American Association for Physician Leadership (AAPL) changed its name from the American College of Physician Executives (ACPE) in 2014. We may have changed our name, but we are the same organization that has been serving physician leaders since 1975.

CONTACT US

Mail Processing Address
PO Box 96503 I BMB 97493
Washington, DC 20090-6503

Payment Remittance Address
PO Box 745725
Atlanta, GA 30374-5725
(800) 562-8088
(813) 287-8993 Fax
customerservice@physicianleaders.org

CONNECT WITH US

LOOKING TO ENGAGE YOUR STAFF?

AAPL providers leadership development programs designed to retain valuable team members and improve patient outcomes.

American Association for Physician Leadership®

formerly known as the American College of Physician Executives (ACPE)