The recent solar eclipse had all of North America looking into the sky—hopefully you wore the proper eye protection if you did! For this special event, viewers around the world were provided an abundance of images captured by spacecraft, at least three NASA aircraft, high-altitude balloons and the astronauts aboard the International Space Station.
This event reminded me of a presentation from the HCCA Compliance Institute, held March 26-29, 2017 in National Harbor, Maryland. The presentation titled “Wonders of spaceflight and its risks: lessons from the Space Shuttle Program” was about the challenges and rewards of high-risk environments at NASA. The speaker shared how to encourage a culture where people speak up and listen. He also discussed where cultures go wrong and the consequences when they do.
The environments in NASA and in healthcare provider organizations are very similar to one another. They are both high risk. Each places a high priority on privacy, policies and procedures, service and integration, IT security and accuracy. Ensuring that strict guidelines are enforced and followed enables NASA and HIM to mitigate risk, reduce chaos and prevent loopholes in their organizations.
Here are four important lessons healthcare compliance officers can learn from NASA:
1. Normalize the anomalies. The goal at NASA is to normalize the anomalies because accepting or ignoring them spells disaster. It is important to encourage a culture where employees speak up and listen when something seems out of the ordinary.
In healthcare, breaches of Protected Health Information (PHI) are considered an emergency—something out of the ordinary. However, as more and more healthcare breaches occur, management and employees may start seeing them as normal. Regardless of the frequency of breaches, allowing them to be overlooked is not acceptable.
Privacy loopholes leave healthcare organizations susceptible to risk and breach. Letting such things go unnoticed could cause a major disaster and have negative impacts on patients, families and the organization’s reputation.
2. Avoid schedule pressure. If pressure to meet schedules is too high, there will be a disaster. A pressed schedule can cause an otherwise capable team to make mistakes that ultimately cause serious damage to a project. Projects may get done faster, but the effort will result in unhappy employees, low quality work and poor relationships.
3. Encourage free, unfiltered communication with board of directors and senior executives. It is critically important to foster honest feedback and let employees express their feelings and emotions. One way to implement this type of communication is to open a hotline, call center or some other type of communication channel for support.
4. Beware of the streetlight effect. Healthcare privacy and compliance officers tend to focus attention on where “the light” is. By focusing too much on a certain risk issue, organizations forget to consider other risks that are looming outside its beam. It is important to be aware of everything going on around your organization. Be sure to keep up to date with the latest breach trends and maintain constant awareness of the possible threats to your organization.