Include Nurses in Cybersecurity Training and Strategy Planning
Teri Young, a nurse and vice president of clinical systems and chief of clinical informatics at University of Maryland Medical System, says one of the challenges for healthcare organizations is how to better engage nurses when they’re being trained on issues of cybersecurity.
“It’s a tough balance to not overload them with the annual training they’re required to do while also ensuring they are vigilant about cybersecurity,” she says. “No. 1, there must be nurses represented in the IT space so there is a connection between technical folks and the nursing staff.”
She explains that UMMS recently conducted a tabletop security exercise for a cyber event, which included pulling in a group of nurses to be involved in the response to that exercise.
“We’ve also had an entire group of nurses over the past two years reviewing and revising our downtime policy approach as an entire organization, not just by individual hospital, so that everybody is speaking the same language,” Young says.
From Kerry Barker’s perspective — she’s a nurse and interim account manager of Epic Services at CereCore — nursing should always be included in planning for cybersecurity approaches.
“We need to make sure that the training and information is relevant to their true workflow experience,” she explains. “By including a representative who can approach common issues, we can personalize the experience and have better buy-in from the healthcare team.”
Barker adds that training should involve scenarios that are more true to life for nurses.
“The more the nursing team can visualize itself in that scenario, the more relevant the training becomes,” she says.
Cybersecurity Shouldn’t Impact Nursing Workflows and Patient Care
Jill Ellis, a nurse, solutions expert and nursing leader at NRC Health, notes that nurses are the largest employee group in healthcare, and they use medical records on a regular basis.
Going forward, she says it will be critical to have nurses at the table and on teams involved in cybersecurity planning, from building cybersecurity strategy and reviewing regulatory compliance to reporting incidents and helping build out the best plan.
“Cyberattacks are growing, and nurses spend most of their day in the EMR and in their healthcare email,” she says. “In their busy world, in the blink of an eye, they could click on a link that could affect their whole healthcare system.”
Ellis says it also requires a change of mindset to think of digital tools as hospital equipment that should be protected from theft.
Barker points out that one of the key issues for nursing and cybersecurity is easy access.
“When you increase the difficulty in a sign-in process or develop a complicated password strategy, this slows down productivity and the ability to respond to potential life-threatening emergencies,” she says. “Strategies need to be mindful of the ability to still have quick access.”