3. Who Are the Stakeholders Involved in
the Training?
Security is about people. The human
touch point is often the weak link in the chain. Cyber-threats take advantage
of this by utilizing social engineering, as seen in the rise of phishing as a
vector for attack. Security awareness is your tool in the fight against social
engineering. But security awareness is also much more than this. It creates a
level playing ground for your entire workforce and beyond, creating a ‘culture
of security’.
With the addition of HITECH Section
13407, the number of stakeholders that need to be incorporated into a
security-aware environment has been extended to cover all business associates
that may have an interaction with personal data and PHI. This creates a highly
diverse group, or eco-system, of stakeholders who are required to have a good
understanding of the healthcare security landscape. This knowledgebase then
allows adherence to the tenets of HIPPA and HITECH security rules. The end
result of a security awareness program that encompasses all the
possible players is an umbrella of security and privacy respect that will have
positive outcomes across the entire eco-system.
Identifying who your key stakeholders
are is the first part of the exercise in security awareness training. As
mentioned previously, this has become a highly extended eco-system of players,
brought into place by changes in the legislation governing information security
in healthcare. Setting out your store in terms of who is a player will help
guide your training exercise. However, the following list gives you an overview
of the types of people involved in training:
- Front
desk workers
- Administrators
- IT
and tech staff
- Medics,
including nurses, consultants and related roles such as social workers
- Transcriptionists
- Healthcare
call center workers and managers
- Medical
claims handlers
- Laboratory
technicians
- Researchers
Don’t forget: There needs to be a specific plan
for bringing new employees on board, rather than waiting for the next security
awareness training exercise. This will get them quickly up to speed and create
a mind-set of security and privacy as they enter their post.
No comments:
Post a Comment