The Friends of Cybersecurity program bridges innovative technology solutions with mitigating security risks
Cyberattacks and burnout are common themes dominating the healthcare industry.
Cleveland Clinic is a non-profit academic medical center. Advertising on our site helps support our mission. We do not endorse non-Cleveland Clinic products or services. Policy
As a result, healthcare professionals are increasingly turning to technology to offset these concerns. Oftentimes, these solutions can bring both challenges and consequences.
“Workflow automation is an obvious solution, especially with artificial intelligence (AI) and ChatGPT,” says Tracey Touma, a cybersecurity business liaison in Cleveland Clinic’s Information Technology Division (ITD). “But any new functionality must be fully vetted and secure before applying it in business.”
Touma’s role is to bridge the gap between the organization’s needs and cybersecurity.
“Cybersecurity measures are often viewed as roadblocks.” Touma continues, “We’re working to shift that mindset with multidisciplinary partnerships throughout our health system. We want to ensure that patients receive the best care while maintaining the highest security standards.”
To this point, Touma describes a recent cyberattack that forced the closure of several hospitals.
“Cybercriminals are drawn to healthcare. Patient data is invaluable, and these types of attacks are crippling,” says Touma. “The affected hospitals were offline for six weeks, which caused much more than financial implications —shuttered emergency rooms, patient care delays, limited resources — a devastating situation.”
Protection from these threats and risks requires multifactorial security points; however, these efforts can’t deter innovation and progress.
At Cleveland Clinic, the Friends of Cybersecurity program is working to foster innovation while mitigating risk.
Led by Touma, the Friends of Cybersecurity program is a structured process to share upcoming initiatives, call to action, collect feedback and discuss concerns.
Touma explains, “Members represent all facets of our business and clinical areas — finance, compliance, physician specialists and more — all caregivers are welcome. These quarterly meetings provide a venue to share and discuss essential security measures that align with our caregivers’ work while upholding our patients’ first commitment.”
In addition to the Friends of Cybersecurity program, there’s a test lab to simulate the impact of potential changes. Engineers and clinical caregivers practice in a non-production environment to confirm that the technology works as intended.
“Clinical input during the testing phase is vital before moving it into production,” says Touma. “Without their feedback, the potential for unintended consequences can detract from our efforts to improve efficiency.”
Touma shares a recent project that reduced clicks and calls to the IT Service Desk.
“Many caregivers had multiple passwords for various applications that required password resets every 45 to 90 days.” Touma continues, “This led to ongoing IT Service Desk calls to reset caregivers’ passwords. We resolved the issue by introducing ‘single sign-on,’ which allows caregivers to have one password for multiple applications.”
Since launching the project, IT Service Desk calls related to this concern have decreased by 67%. This caregiver satisfier led to more solutions with the launch of a 12-character, 12-month password initiative and by implementing caregiver badge log-in functionality.
While Touma works side-by-side with the program’s members, she’s also found shadowing to be a vital experience.
“Our Friends program is an open forum for honest dialogue. That’s where I’ve honed my listening skills, and I’m able to stay attuned to what’s being shared and any underlying concerns,” says Touma.
She continues, “Shadowing caregivers gives valuable insight into the ways technology impacts their workflow. By sharing their viewpoint, they have a say in how the ITD teams can adjust the technology to better support their work.”
These valuable partnerships have highlighted instances where innovation has the potential to stall progress. One example is the need to modify the caregiver badge log-in functionality to accommodate differing workflows in the inpatient and outpatient settings.
Touma explains, “Part of healthcare technology is about improving efficiencies in the most secure environment. Shadowing caregivers closes the loop on what’s planned and what really happens. Connecting these dots strengthens the relationship between the business and cybersecurity.”
In the end, Touma says, “Providing caregivers with solutions that give them more time with patients is a win-win. It’s what our patients want and what they deserve.”
Cleveland Clinic’s roadmap to recovering critical digital assets stems from strategic planning and preparedness
Protecting patient data and privacy while preventing unnecessary risks
The infant fever care path is an interactive, step-by-step tool within the electronic health record that reduces high variability among standard practices to ensure safe, quality care at all Cleveland Clinic locations
Cleveland Clinic providers shifted to one-click ordering to simplify the workflow while increasing visibility of patient-specific recommended wellness screenings
A physician-developed experiential learning elective illustrates the value and necessity for strong collaboration among clinicians and IT professionals
Cleveland Clinic Children’s implemented an automated color-coded system to escalate timely care to prevent patient deterioration
Advancing Cleveland Clinic’s clinical systems integration by creating a secure, single database designed and built to modern healthcare standards
When the COVID-19 pandemic delayed patient care, automated bulk ordering for overdue screening mammograms led to an easy, convenient online scheduling process.