Wednesday, August 1, 2018 12:00 PM

How the Human Factor Impacts Patient Privacy

Written by Rob Rhodes, CHCIO, CISSP, HCISPP, Executive Vice President - iatricSystems


Today I realized that in September of this year, I will have been in Healthcare IT for 28 years. During that period of time, I've performed a number of jobs and learned many different things. I've been in both technical and non-technical roles, in staff and leadership positions, and had the pleasure of working with some amazing people in many different states. The greatest lesson I have learned along my journey is that people are the most important aspect of any successful technology project.

On August 14th at 2:00 p.m. ET, join me for "How the Human Factor Impacts Patient Privacy," an educational webinar where I’ll discuss a number of breaches and show examples of how the human factor was ultimately the root cause. Use the link above to register to attend, and read the rest of this blog post for the background to set the stage.

When I was younger, working in a hospital as a system administrator, I was extremely passionate about technology and the good it could do. Those were the days when many of us acted like "Nick the IT Guy" from Saturday Night Live, amazed at how little everyone else in our organization knew about technology. I could tell you many stories of working with users, and how frustrated my colleagues and I got at their lack of understanding and ability to use tools we found so simple. 

As time went on and technology became a part of everyday life, those folks we had been frustrated with have become very savvy users of technology, and many have become as passionate about technology's promise as my colleagues and I ever were.

Later in my career when I became a CIO, I was thrilled that the rest of the people in my organization had finally “seen the light” regarding technology. This, however, led to another problem which I call the "Silver Bullet" effect. As people become comfortable and interested in technology, they look to it as a "Silver Bullet" and downplay the importance of people. 

I had many conversations and debates with other leaders in our organization about why department staff needed to be involved and engaged in technology projects. Many times I heard myself saying, "This is not an IT project, it's an <insert department name here> project." People simply saw the technology as a magic solution to their problem, with no need to be involved. But this is a recipe for failure. Without well-trained and engaged people, technology just doesn't work well, no matter how good or cutting edge it is.

The areas of cybersecurity and patient privacy are no different. As we've seen with many security and privacy problems over the years, no matter how good the technology, if people make a mistake, bad things happen. For example, you can have the best firewall, but if it's poorly configured and managed, it won't do its job.

Looking back to 2017 and the WannaCry attack, we see that a human failure to patch critical software bugs quickly, or to run current operating systems, resulted in big problems (the patch to prevent it was available the month before). "NotPetya" appeared a month later and added insult to injury for anyone who got hit with it, since it could have been prevented with the same patch that prevented WannaCry. This is a double (or triple) whammy when it comes to the human factor. First, the bug appeared in code, then quick patching wasn't achieved, leading to exploitation of the bug. Often these types of issues get categorized as "technical failures," but I would argue differently. It’s the human factor.

Unfortunately, there are many, many examples like this that I could write about, but I think you get the point. People are a critical component of any successful technology project, and cybersecurity and patient privacy are no exception.

So, when thinking about your cybersecurity and/or patient privacy programs, take a few extra minutes to double-check how people factor into the equation. You'll be glad you did!

Again, I invite you to join me on August 14th at 2:00 p.m. ET for "How the Human Factor Impacts Patient Privacy." Register now to attend and learn how effective workforce training can help prevent breaches.