University Medical Center security chief says staff education key to protecting healthcare orgs
For Phil Alexander, information security officer at the University Medical Center, in Lubbock, Texas, the key to safeguarding health systems is a focus on education, technology and a rapid response.
Alexander will present “Securing Your Agile, Mobile Clinicians: Breach Case Study,” on March 3 at HIMSS16, where he will explain how good education can help all stakeholders understand the ongoing risks.
Alexander believes that a person should be able to walk into a hospital or healthcare facility and ask anyone what their IT security education is and not get blank stares in return. For example, if someone asks why they secure information and data at his workplace, he believes UMC employees would not only be able to answer that but, equally as important, do so enthusiastically.
“That’s what we’ve done here,” Alexander said. “We’ve made it exciting.”
Alexander doesn’t do this with classroom presentations, but by making it personal. He gives them free tools to use at home for finances, ID protection and online privacy issues and, once they are comfortable with these, they tend to bring the habits back to work.
“When they finally get it, they start asking me the questions,” Alexander said. “They start pushing me — and that’s a good problem to have.”
The technology prong at UMC revolves around personal responsibility. The department heads, according to Alexander, know what people do and do not need and so they are well positioned to deliver faster on requests.
Additionally, the programs aren’t on desktops but remotely connected for a better user response, so as not to clog up desktops and mobile devices and as for zip drives and other executable files, Alexander flatly said are a “no go” without prior authorization.
“It’s a more granular approach. It’s using technology rather than a human,” he added.
[Like Healthcare IT News on Facebook]
Lastly, Alexander said the biggest complaint in any breach is about the response in its wake.
What happens, asked Alexander, if the hospital has to unplug everything? What’s the continuity plan? Who is working with marketing?
“The whole plan has to be worked out,” Alexander said.
The session “Securing Your Agile, Mobile Clinicians: Breach Case Study,” is slated for March 3, 2016 from 1:00-2:00 pm in the Sands Expo Convention Center Palazzo L. Joining Alexander for the presentation will be Ellen Derrico, Senior Director Product Marketing Healthcare and Life Sciences, RES Software.