Radiology Orientations, Cybersecurity Principles and Positive Reinforcement


I recently began working on a new account for my teleradiology gig. I had already gone through the client group’s credentialing process, so it was established that I was not some crackpot coming out of the woodwork. Nevertheless, protocols must be followed, and before reading any cases, I had to spend a couple of hours going through “orientation” for lack of a better word.

They did a good job of glossing over the stuff that would be irrelevant to off-site workers such as myself. That’s no small thing. I have, for instance, had to endure sessions about the proper usage and disposal of “sharps” in previous telerad jobs.

There was still plenty of relevant material to go over, and few, if any, employers can say “Look, you’ve been in this field for over 20 years. You worked in multiple environments just like this one, and you’ve been through orientations for each. Some probably made you redo it annually. You already know everything we would say to a new hire. How about we just give you a digital copy of it all? Sign off that you are aware of it, and responsible for compliance.”

While I was sitting there and hearing about secure passwords, avoiding phishing, and remaining HIPAA-compliant, I found myself thinking that all of it could be summed up as a “don’t screw up” group of endeavors. There are endless ways in which you can fail, but success just means avoiding all of those pitfalls. It’s a baseline above which you cannot go.

You don’t, for instance, hear about someone being a superstar at avoiding phishing because at best he or she is on the same level as everyone else who didn’t get suckered. I can’t get a “most compliant with HIPAA” award that means anything because at best, I am just in the same boat with everyone else who didn’t violate the rules.

Folks expect more of physicians than “just don’t screw up.” Professions requiring education and training are in another arena where there is room for excellence. That is no surprise given the sometimes severe competition at every step of the way from college through med school and residency/fellowship training.

Not screwing up would mean getting minimum passing grades and graduating at the bottom of one’s classes (Old joke: What do you call the man or woman graduating at the bottom of the med school class? “Doctor”). Define that as success if you like, but most would focus on how much above that bare minimum one managed to climb. Given the choice, patients would prefer to know that their doc excelled.

Putting aside things like class rankings and test scores, there is plenty of room for excelling in one’s actual career. You can get granular about it, crunching numbers as to whose patients do better, or you can be empirical. Has doctor X earned the respect of his or her colleagues? Do they go to him or her when they find themselves stymied? Does this doc handle cases that others cannot?

There are some things that can dwell in either category, depending on context. Driving a car, for most of us, is a “just don’t screw up” affair. If we get to our destinations without crashing or receiving a ticket, that’s our “not screwing up” success. There’s a lot more room for (and expectation of) excellence if you are dealing with a guy named Earnhardt and he’s in a race car.

Taking someone accustomed to pursuing excellence and putting him or her in a “don’t screw up” situation, you face a challenge to keep the person’s attention/interest. He or she is accustomed to soaring with the eagles (or trying to), and now you’re expecting the doc to seriously consider the danger of tripping over his or her own feet.

Under such circumstances, there are a couple of options: Diminish expectations of the doc being engaged or make it more interesting to him or her.

The first option is easier. For instance, if your IT people have told you that they want two hours to thoroughly give religion to new hires about password strength and the like, maybe tell them they have to cut it back to one hour. Perhaps you have them record their spiel and require newbies to view it on their own time, but they can do so at 1.5x speed. (Try this for talky vids. You would be amazed how much it helps.)

The second choice (making things more interesting) can be a fun project, even if it takes more time and effort. One way is to incorporate comedy or other entertainment value into the otherwise humdrum “don’t screw up” stuff. A good example is the themed “defensive driving” courses. Most HR, IT, etc. departments probably don’t have capable comedians in their ranks, but if there are particularly charismatic folks, they would ideally be the ones giving talks. Maybe even have someone “punch up” the PowerPoint slides that trainees have to sit through.

Another trick is to bring things a step or three above the “don’t screw up” world into the world where excellence is possible. One former employer of mine had a program of periodically sending fake “phishing” emails out. Folks who fell victim (clicking on embedded links they shouldn’t, etc.) probably got on-the-spot correction. Folks who simply didn’t screw up (ignored/deleted the messages) never heard another thing.

Those who recognized the “phishy” email and took the trouble of hitting a “report suspicious message” button were rewarded with a congratulatory response. A simple bit of positive reinforcement for the right behavior elevates things just a smidge from the boring, gray zone of “don’t screw up” and people notice. You could even go a step further by keeping track of who correctly responded to the greatest number of phishing tests each quarter and announcing them to other employees on a sort of “honor roll.” Maybe even reward them with a small gift card.
