Information security in healthcare at Triade

By Steven Debets

"Information security is a tricky concept. Many people when they hear this term think of ICT security, but it is much more than that. Healthcare providers do understand that you have to handle client files carefully, for example, but information security is also about protecting information about your own employees, the financial information, the access policy to locations. If you want to improve the information security of a healthcare institution, you have to deal with all processes within an organization: from policy to operational level. That's quite a job, because you have to get all the departments involved to want to cooperate."

The speaker is (former) Highberg employee Christ Reniers, information security and risk management consultant. He was hired in 2013 by healthcare institution Triade to make their organization demonstrably in control in the field of information security, with the ultimate goal of NEN7510 certification: the Dutch standard for information security at healthcare institutions. Reniers: "You see that the decentralized government is making more and more demands in terms of laws and regulations. Anticipating this, Highberg wanted to identify all risks related to information security and take appropriate measures to ensure that as little could go wrong as possible."

Golden rules

Using a quick scan, Highberg looked at what was in order, what was not and where the biggest gaps were. Reniers: "You have to get people to think in terms of risks and take action on them. It's a change of mindset. That is sometimes difficult. A care institution like Triade has a central office and, in addition, about a hundred locations for clients, ranging from homes to residential complexes and day care. Almost every location has great independence, so how do you coordinate that with key and access management, for example? Can you come up with something generic for that? How do you control access to care or financial information? And is that information all correct?" 

To create support on the shop floor for optimizing information security, Highberg introduced Golden Rules. Reniers: "The rules range from 'Lock your computer' and 'Don't discuss your clients in public' to 'Deal carefully with social media in relation to your clients.' Within a short time everyone knew these rules by heart and, not unimportantly, followed them." Together with the overall change process initiated by Highberg, this led to Triade successfully passing the audit at the end of last year and obtaining the NEN7510 certificate. An achievement that both Triade and Highberg are proud of.

"The beauty of working for healthcare institutions is that you directly contribute to a better society," explains Reniers. "We help healthcare institutions not only handle client information securely, but also provide correct, complete and reliable information. This ensures that clients get the care they need. For the client's constituents, it is important that they can be confident that their loved one is receiving proper care and their information is being handled properly. It increases the sense of security in every way."   

Want to learn more about this assignment or the topic of information security in healthcare? If so, please contact Steven Debets without obligation.