Jason Johnson of Marin General Hospital describes how high security can actually lead to low security in Healthcare.
This is an excerpt of Jason’s comments during a HealthTech Fireside Chat at 500 Startups SF on 21 September 2016.
Also on the panel were Dario Loeb and Geoff Clapp. It was moderated by Hoala Greevy.
Question: High security can lead to low security, what does this mean to you?
“Other than Information Security, my full title is Manager of Information Security and Customer Experience. So I know that’s really odd and instead of putting the security guy against the customer service guy, they just make me fight myself in my own office over what to do because we at Marin wanted to take a more pragmatic approach to security.
Because you’re exactly right, high security just means people are going to find a way around the system. So a really good example of that is we just enforced mandatory encryption for emails going out of the hospital with PHI, with social security numbers, medical record numbers, all that. And on paper that’s a no brainer, you need to do that sort of thing.
But, with Microsoft 365, plug to Paubox, you have to go through a portal and you have to enter a passcode and you have to do it over and over again. And we have other partners, other hospitals, that get four or five emails a day, with PHI from us. With non tech savvy users, who don’t wanna go in and enter this over and over.
So we reached out and partnered with the organizations that receive data from us, sent our engineers to work with them, to make their systems decrypt our messages automatically. So they’re delivered directly to Outlook. And if we didn’t do that, they would start sending with their personal email, they’d find a way around it for sure. So going the extra mile and making not only the customer happy, but making the system more secure, is really the only way to go.”