Healthcare News & Insights

How to respond when some won’t follow IT policies

IT departments in healthcare organizations put a lot of effort into developing policies to protect patients’ protected health information and other sensitive data. But they often face one obstacle preventing those rules from being effective. 

Executives often ask to be granted exceptions to IT policies. When IT gives in to those demands, not only does that increase the risks that the information those execs handle will be compromised, but it also sets a bad example for others in the company and makes it more difficult to get them to follow the rules.

Making exceptions to some policies for executives is fairly widespread, according to a recent survey from IT staffing firm Modis that examined how companies handled online streaming of the annual NCAA college basketball tournament.

With the games available online — and many played during work hours in the early rounds — some organizations decided to limit users’ access to the games. Among the 502 IT pros surveyed by Modis, 34% had planned to either block or throttle access to the video streams. That was in addition to 48% that were already placing restrictions on viewing non-work content.

However, policy exceptions are often made, according to survey respondents. Two-thirds of IT pros said they would allow access for the company’s CEO or president, while 52% would do the same for senior employees.

Talk to execs about IT policies

Here are some steps IT managers can take if they’re asked to grant a policy exception:

  • Consider how serious the impact of the policy loopholes could be. Granting a few people access to streaming video likely won’t cause security issues, but it could affect network performance, depending on the organization’s bandwidth. IT should consider the likely impact of granting policy exceptions before they decide whether to say yes or put up a fight.
  • Explain the reason for the policy. In some cases, the exec or manager might just not understand why a rule is important and may back off after it’s properly explained.
  • Describe the impact the exception will have on the organization’s performance. Execs will be more likely to understand IT’s position if it’s clear how violating policies could threaten the security of patient information, or harm productivity and make it harder to get others to follow the rules.
