Understanding a doctor’s typical day of work
Find out why workarounds occur as physicians experience hectic workdays
At Mission Health, a six-hospital system based in Asheville, N.C., President and CEO Ronald A. Paulus, MD, is both a physician and former software developer.
Paulus has a keen understanding of how the needs of IT and clinicians can intersect, and how to make that intersection productive instead of adversarial.
In 2014, he instituted a program called Walk a Mile in My Shoes that required administrators to shadow clinicians to better understand their operational challenges – not just around cybersecurity, but all technology. Paulus even joined in, doing four-hour shifts in the ER.
Seeing things up close, in real time, the tension between managing information and providing care was revealing for Paulus.
“I was watching what people did and was thinking to myself, ‘My Lord, this is crazy,’” he remembers. “I was standing beside a nurse and she was trying to interact with a patient. She had two screens open, and also a device, but she ended up writing things down on a napkin. What struck me was how hard it was to do so many simple things.”
Consider this scenario:
A physician plugs USB stick from home into a hospital laptop.
- Threat: A virus that could have been planted on the USB stick from another machine now has a clear path into the hospital network. Also, misplacing a USB stick can be a significant breach of protected health information.
- Solution: Implement a removable-media policy (USB, memory card, CD/DVD, etc.) that covers proper acquisition, management and secure disposal of removable media. Prohibit unapproved media from operating in hospital systems
The Walk a Mile in My Shoes program addressed common vulnerabilities in hospital security strategies: insufficient awareness of how doctors actually work, how they access data, and when and why they look for workarounds.
Charles Sawyer, MD, is chief medical officer and a working internist at Mission Health. Sawyer says that doctors today understand the security threat, but “at an emotional level, when we’re trying to take care of patients and get through a busy day, security protocols look like a nuisance and a hassle.”
Make sure your security team understands how data and devices fit into a physician’s workday.
Examine workarounds or bad practices to understand their function. Don’t assume laziness or malice. Shadowing doctors is one tactic. Another is to make doctors an active part of your security team.
Download the Cybersecurity Handbook for Healthcare CEOs to learn more.