Privacy & Security
As patients get smart, don't fail to factor consumerism into risk management
Only healthcare organizations that can identify, quantify and operationalize risk will be successful.
While consumerism is a hot topic in healthcare, the industry is still behind the curve when it comes to taking the risk associated with patients “shopping” for services and factoring it fully into provider business strategies.
Henry Ford Health System, however, is trying to get caught up. Jane Harper, director of privacy and security risk management at the provider organization, said consumerism gets counted in the probability model of risk management at the system.
“Risk management is a mathematical algorithm between likelihood and impact; we look at likelihood and impact and come up with a risk rating,” Harper said. “When we look at that algorithm, we look at things like the impact of standards, not being compliant with HIPAA, not being compliant with PCI, and we count them in our impact model. Consumerism is a likelihood.”
[Also: HHS cybersecurity center to help healthcare orgs fight cyberthreats]
Healthcare organizations pride themselves on gaining market share, whether it’s an insurer seeking more members or a provider seeking to provide the best care in a region. Organizations want everyone to come to them. But as numbers increase, so, too, does the likelihood that new issues carry fresh weight.
“This is how consumerism has played into risk management,” Harper said. “Forty years ago, 20 years ago, people typically had an insurance plan through their company, that’s what you had. With consumerism, it works quite differently. Think about things like the Affordable Care Act; now people are purchasing products and there might be high deductibles, so they do more research and shopping.”
[Also: Health execs rank employee awareness as greatest cybersecurity concern]
There are more patients shopping for healthcare and making intelligent decisions about their care, Harper said.
“You get a higher number of patients, and that raises your likelihood, but that means they are more intelligent so something like a breach or a reputation issue can directly impact your patient volume,” she said. “So consumerism is one of the things we have to look at with a special lens when we talk about risk management.”
Learn more at the Privacy & Security Forum in San Francisco May 11-12, 2017. Register here.
When it comes to risk management techniques, Harper said brainstorming is highly important.
“In financial services we used to call it scenario-based risk assessment,” she said. “It’s absolutely key to a program. One thing we learned early in risk management is while we have to be the know-it-all, we really are not. Your risk management staff is trying to identify obstacles to your goals, everything from being compliant to reputational issues. There is nothing like getting the subject matter experts in your organization together in a room and throwing out a couple questions, a couple scenarios, and saying let’s brainstorm on every plausible issue or risk that could prevent us from meeting this particular goal as we have defined it.”
This technique in the risk management process is about sitting down with very intelligent people within an organization and picking their brains, Harper said.
“It’s not just one particular set of people that really understands your assets, it’s really more of a universal situation, and you get a more robust understanding of the risk in your situation when you do that.”
Harper will deliver an address on risk management at the HIMSS and Healthcare IT News Privacy & Security Forum, May 11-12, 2017, in San Francisco, during a session entitled “Game Changer: Why You Can’t Afford to be Wrong About Risk Management.”
Email the writer: email@example.com
Like Healthcare IT News on Facebook and LinkedIn