Healthcare News & Insights

3 ways to overcome understaffing and keep patient data secure

As more patient information goes digital, healthcare providers need to focus more on IT security. But there’s one big obstacle in the way: understaffing in the IT department. 

That’s the message in a recent report from (ISC)2, based on a survey of more than 12,000 IT security pros in a variety of industries, including health care.

Overall, 56% of organizations say they’re understaffed for IT security roles. In addition, many of the respondents aren’t sure about what IT security staff they need, and only 32% said they’ve got staffing levels right.

And healthcare organizations, along with those in education, manufacturing and retail, are the most likely to report understaffing.

Part of the problem is that healthcare providers are struggling to find IT pros in general. Thanks to rapid adoption of electronic health records and other health IT, applicants with skills in those areas are among the most sought after sections of the job pool right now. In fact, nearly all (97%) say they’re currently looking to hire for IT-related positions, and 23% have at least one open health IT job that they’re struggling to fill, according to recent research.

Add to that the tight budgets many healthcare firms are operating under and the niche skills that IT security jobs require, and it’s difficult for most organizations to hire the right number of people for security functions.

Hire the right people

Healthcare organizations may struggle to fit the right number of security staff into the budget — but that makes it more important than ever to make sure the staff on board has the right skills to meet today’s security challenges.

Keeping up with new threats is especially critical. The top security risks right now, according to security pros, come from organizations’ bring your own device (BYOD) programs — that was listed as one of the top threats by 78% of respondents. And 74% said new security skills are required to meet the challenge of security BYOD.

Beyond that, these were the skills that survey respondents listed as critical for security professionals:

  • A broad understanding of the whole IT security field (cited by 92% of surveyed professionals)
  • Communication skills (91%)
  • Technical knowledge (88%)
  • Awareness of new security risks (86%)
  • Ability to develop and enforce security policies (75%)
  • Leadership skills (68%)
  • Business management skills (57%)
  • Project management skills (55%), and
  • Legal knowledge (42%).

Those are some of the things healthcare organizations can look for when hiring security staff. In many cases, general skills are more important than experience working with health IT systems — many providers have found it’s best to hire for general IT knowledge and cultural fit, and train new staffers on specific systems when they’re on the job.

Invest in the right technologies

In addition to having the right people on board, it’s important for healthcare networks to be protected using the right technical controls. These are the technologies that have significantly improved organizations’ IT security, according to survey respondents:

  • Network monitoring and intelligence software (cited by 75% of IT security pros)
  • Intrusion detection technologies (72%)
  • Web security applications (55%)
  • Policy management and audit tools (54%), and
  • Automated identity management software (45%).

A study last year from the Ponemon Institute listed these as the IT security investments with the highest ROI:

  • Security intelligence systems
  • Access governance tools
  • Enterprise governance, risk and compliance (GRC) tools
  • Data loss prevention tools
  • Encryption technologies
  • Firewalls and perimeter controls, and
  • Automated policy management tools.

Offer the benefits potential employees want

If an organization is understaffed and can’t solve problems by training current employees or deploying new technologies, it may pay to take another look at what the provider is offering new hires and try to bring new staff on board.

Of course, that includes salary — while budgets are probably tight, organizations should take a look at the average salaries for health IT jobs in their areas to make sure they’re in line with market rates. While the salary isn’t the only thing job seekers care about, going too far below the market rate will make it tough to bring top talent on board.

However, there are many things organizations can offer job applicants besides money. Some of the top benefits health IT pros want include:

  • Training opportunities — As written above, offering new training can help organizations eliminate skills gaps without having to hire new staff. But training is also a key benefit applicants and current employees want from their employers. Keeping skills up to date is difficult for IT pros, and most want to work for an employer that helps them further their career.
  • Job rotation — In addition to training, healthcare organizations can also help IT pros improve skills and advance their careers by giving people the chance to work in a variety of roles. In addition, job rotation will prevent people from burning out.
  • Flexible scheduling — IT professionals in all industries often deal with a lot of stress and long hours. While the time they spend working is likely going to remain high, employers can help out by allowing IT pros to work flexible schedules or telecommute occasionally.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.