INDUSTRY WATCH

Research shows that healthcare has already lost an estimated 20 % of its workforce over the past two years . This turnover is happening top-to-bottom throughout organizations . Doctors are switching between hospitals , administrative staff are leaving the industry , and technology teams are being lured away by higher paying jobs in other sectors .

The high volume of turnover in the industry is having a broad impact . According to one study , 60 % of organizations have had to change their care model ; 48 % have had to reduce inpatient capacity ; and approximately 40 % have made reductions in operating room and ambulatory clinic capacity , increased emergency department diversion and increased length of stay .

Security is yet another critical area of operations feeling the effects of The Great Resignation . Last year , Netskope Threat Labs found a 300 % rise in employee data theft during their last 30 days of employment . So with unprecedented levels of human resources churn across the industry , how can healthcare organizations ensure that their proprietary data and other sensitive information doesn ’ t leave with a departing employee ?

Greater risk to research data

At a typical research hospital , researchers will apply for grants from government agencies and / or private institutions . While grants are awarded for a particular project and researcher , the funding typically belongs to the facility where the research is being done .

In most cases , the resulting data from the project also belongs to the research hospital – while the researcher gets credit for the work and has access to data while employed by the institution . For researchers , getting credit is usually the most important factor . While there are instances where a researcher may pre-arrange some kind of shared usage rights or ownership of project data by written agreement , it ’ s much more common for facilities to maintain sole ownership of the research being done by their employees .

What sometimes happens , though , is that a researcher makes a name for themselves and gets lured away to another facility . On their way out the door , they may want to take some project files with them – even though those materials explicitly belong to the institution they ’ re leaving . I ’ ve actually seen this firsthand . I was part of a security team when a researcher tried to take their data with them when they left and the organization objected .

Collaboration across institutions ( such as between a university and an affiliated research hospital ) is another common area where these sorts of data ownership conflicts can arise . Most often , the organizations sign a business associate agreement ( BAA ) that outlines who is responsible for the resulting protected health information ( PHI ) data . But a lot of times , data transfer happens outside the terms of the agreement – without the security or IT team ’ s knowledge . And once proprietary data is exfiltrated from the institution , it can be nearly impossible to put the genie back in the bottle .

Spotting and stopping potential insider threats

Regardless of the intent of the departing individual , healthcare organizations need to protect themselves

www . intelligentcio . com INTELLIGENTCIO LATAM 73