Jackie Mattingly, Director of HIPAA Security, Owensboro Health
With the growing importance of patient experience in healthcare, the role of Chief Experience Officer (CXO) has emerged. CXOs have a great responsibility to conquer the entire picture, beginning to end, of the patient's experience. In my opinion, patient experience is a “total package,” not just a good experience during a single visit to the hospital. It encompasses far more than friendly staff greeting you upon arrival or a great single encounter; it is total confidence in the whole Healthcare System.
For a patient to have total confidence, it is imperative they develop trust with the healthcare organization. The patient must trust they are in good hands, are surrounded by a fully competent team, and will be kept safe before, during, and after their experience. If a healthcare organization can instill a sense of trust in the patient that the organization will treat both the patient’s care and their data equally well, as they would want theirs to be treated, they will choose that organization for a lifelong commitment for their wellness journey.
Formerly, CXOs’ roles focused primarily on quality and safety, but now they have a lot more than that to master for a true, trusted patient experience. Privacy, security, quality, and safety are the hottest topics among hospital executives these days because they all intertwine with the ever-evolving threats of cyberattacks, making security a key component to gaining trust in every aspect of a patient’s and/or their family’s journey. Daily headlines include stories about cyberattacks from ransomware, hacked medical devices, and data breaches exposing people’s sensitive data. Any of these scenarios may cripple a hospital’s EHR system. Naturally, this has become a concern for patients and explains why data security should be an essential part of growing trust for the patient experience.
If a patient does not have confidence that their data is protected and private, they may withhold information from their caregivers or choose to use a different healthcare organization entirely. If a patient does not feel they are safe, whether it be physical safety or safety of the equipment attached to them, they will probably go to another healthcare organization. Patients trust that they and their data will be protected, and it is the responsibility of the organization to uphold that trust.
Information security encompasses confidentiality, integrity, and availability. You cannot have one without the other, as they go hand-in-hand. Patients must trust the healthcare organization has done everything possible to protect their safety and privacy by putting security metrics in place.
Keeping patients and their data safe instills that trust in your organization, which increases patient satisfaction. Knowing the organization is concerned with the importance of protecting their safety and data is paramount.
Transparency has become key for patients with the recent hype on privacy involving major players like Facebook, Alexa, and Google. Therefore, patients are becoming more aware of their rights, taking charge of their privacy concerns, and asking questions about how their data is controlled. Interoperability has become a significant aspect of healthcare information exchange and gives patients more control over their Protected Health Information. However, it also introduces privacy and security concerns, making it essential for the CXO to understand the information security program of the organization. The CXO must be an advocate for both the patient and organization and the key to finding that “happy medium.”
The Health Care Industry Cybersecurity Task Force’s report on improving cybersecurity in the health care industry states, “Cybersecurity has historically been viewed as an IT challenge, is approached reactively, and is often not seen as a solution that can help protect the patient.” Healthcare organizations need to overcome this mindset, and the CXO plays a major part by being well-informed and involved in the organization’s Information Security Program.
There is not a single Information Security Program available that provides a 100% guarantee to keep organizations safe from a security incident, just like there isn’t a guarantee that we won’t be in a car wreck on our way to work. We put security safeguards in place for ourselves and our loved ones regularly. For example, buying a car that has been safety tested, has side airbags, OnStar, or an app to detect a crash, wearing a seatbelt, having alarms when the seatbelt isn’t on, automatic emergency braking, and the list goes on. There is no guarantee these safeguards will protect us or even be needed. However, we are building a security framework for the asset (person(s)) inside the vehicle to protect them. We are elevating the level of trust that we are putting ourselves or our loved ones in the safest vehicle possible to protect them. Healthcare organizations must do the same for patient safety and the data they maintain by putting security safeguards in place to preserve the confidentiality, integrity, and availability toward ensuring trust.