Creating a culture of privacy and security

Part 1 of our new series on Privacy and Data Security Best Practices

We are complicated creatures of habit. We tend to do things, more or less, because that’s the way we have always done them. We observe this across our society, including our work environment. A strong privacy and security culture in a healthcare clinic is both a mindset and a process of operation. A security culture that is integrated into daily thinking and decision-making can result in a near-impregnable health information system.

Conversely, a security culture that is missing will result in uncertainty, and ultimately in security incidents that no clinician can likely afford to take on. This often happens when everyone is working in silos, which, as anyone in the privacy and data security field can tell you, is where managing confidential information can fail.

What can be done?

Do what you must in order to minimize the disconnect, apathy, silos and self-interests that undermine security. A huge part of this involves a training program that is periodic and consistently applied to all staff. Privacy and security training for locums, casual and part-time staff is frequently forgotten in a busy clinic. When that happens, it doesn’t matter how strong your firewall is, or how professional your locums and casual staff are. Your patients’ confidential information may be put at risk simply because staff may not be aware of what they must do.

Privacy and security training involves more than asking staff to use complicated passwords. It involves imparting a thorough understanding of how confidential information is handled across the unique workflow of your clinic, its potential impact on privacy and data security, and personal responsibilities to protect it. Typically this includes:

  • A thorough introduction to privacy principles, as they apply to your clinic
  • Safe computing, with a good understanding of potential threats
  • Physical security, including securing work areas and resources
  • Safe remote and mobile computing
  • Protecting and handling confidential information

For training to be effective, it needs to be based on a robust framework of clinic privacy and security policies. To be relevant and practically useful, these policies, and the specific procedures guiding staff, should be designed to meet the needs of your practice. Doing this right will go a long way towards ensuring your confidential patient information is kept safe.

If you need help, contact us.

We can quickly assess your clinic for risks, implement appropriate measures, assist in training your staff, and free up your time to do what we cannot do: looking after your patients’ clinical needs.