Corporate Culture in Healthcare IT
What actions support a strong corporate culture in healthcare IT?
According to a comprehensive review of the available literature on the topic of healthcare information technology (IT) in relation to corporate culture, the following areas are the most important to the ability of healthcare organizations to implement and maintain effective policies and procedures: management support, security awareness, security culture, and computer self-efficacy (Brady, 2010). More specifically, attention to each of these areas individually as well as within an integrated organizational culture-based approach correlates with beneficial security behaviors and the optimal effectiveness of IT security necessary to ensure HIPAA security compliance within contemporary healthcare organizations (Brady, 2010).
Meanwhile, another study from China (Chien-Ding, Ho, and Wei-Bin, 2011) suggests that even the most stringent policies and protocols within healthcare organizations may not, in and of themselves, be capable of ensuring full protection against unauthorized dissemination of protected health information. That is simply a function of the fact that individuals with authorized access to protected information often deliberately misuse that access to copy, retain, and even distribute data, such as unencrypted digital photographs. In that regard, the study found that the use of embedded markers within images, capable of identifying unique users, is necessary. Furthermore, the key to their effectiveness in preventing unauthorized dissemination of these data, rather than merely identifying the parties responsible for the breach after the fact, lies in the awareness of all individuals with system access credentials that their uses of the system resources are directly traceable to them (Chien-Ding, Ho, and Wei-Bin, 2011).
Management support is crucial because management is directly responsible for delivering IT system security training to business units and to individual employees, as well as for monitoring performance and compliance with training obligations (Brady, 2010). Security awareness must be a coordinated effort at every level that begins with conceptual understanding of the nature of the fundamental obligation to safeguard protected health information. That includes awareness on the part of employees (both paid and unpaid) of the magnitude of the penal and civil liability consequences that can result from breaches of security protocols, especially in relation to Health Insurance Portability and Accountability Act (HIPAA) compliance (Brady, 2010).
Healthcare organizations must establish, promote, and continually emphasize the crucial importance of data security as a chief component of organizational culture that encompasses formal training, system access rules and protocols, and also awareness of social engineering and even more benign potential risks to data security (Brady, 2010). That includes strict adherence to the rules that are most frequently violated within healthcare and other types of organizations: namely, those against employees failing to turn off computer terminals when leaving their desks and against extracting files, even for legitimate purposes such as transporting them home to work on them (Brady, 2010).