5 Signs that Your Approach to Data Security Training Needs a Rethink

Protenus just reported that January wasn’t exactly a stellar month when it came to protecting PHI.  Breaches averaged one per day, impacting more than 388,000 patient records. Slightly more than 59% of breaches were committed by insiders.

Their reporting confirms ongoing concerns over the ability of health care organizations to protect patient data.

There are two questions:

  1. What steps are you taking to ensure data security?
  2. How are you approaching workforce data security education?

The first question is not my area of expertise. The second one is.

5 Signs that Your Approach to Data Security Training Needs a Rethink

Nobody said being a provider is easy. There are literally hundreds of competencies divided across multiple job roles that have to be either trained or re-verified on an annual basis. Those tied to data security are important because they have the potential to destroy patient trust and your underlying core message to protect those under your care.

With all the other concerns, it is easy for processes to become entrenched and placed on auto pilot. Here are five signs that your current strategies and tactics need a rethink:

  1. Refresher training is simply a repeat of the previous year’s training or worse, the original training. Stop me if you've heard this, but we live in a world of constant change. You content should be evolving to address today's security risks rather than the ones from 2014.
  2. You have bundled data security refresher training with other annual competency/skills check-offs. While this checks off a box or two, key messaging is diluted.
  3. You don’t link protecting PHI to the organization’s values and customer service philosophy. When this happens, you’ve lost the chance to connect the dots and make data security part of the bedrock of the organization.
  4. You are not telling stories that place key processes and desired employee behaviors in context. If you've ever sat around a campfire, you know that the best way to remember content is through stories.
  5. Employee newsletters mention everything but the importance of PHI. Impact: There is a deep truth to the old adage, “out of sight, out of mind.” Your monthly communication plan should contain multiple activities that reinforce the message, across delivery platforms (Intranet, newsletters, email, lunch & learns, signage, etc.).

If you're ready to rethink your data security training, let's talk.