The 3 R’s of a Cybersecure Business Culture

By Heather Stith


October is National Cyber Security Awareness Month! You can read last week’s blog on 3 Easy Ways to Improve Your Healthcare Organization’s Cybersecurity here.



When you want to minimize waste, you look for ways to reduce, reuse, and recycle. When you want to build a solid foundation for education, you include reading, writing, and arithmetic (perhaps spelling as well). As Week 2 of National Cyber Security Awareness Month, “Cyber from the Break Room to the Board Room,” comes to an end, consider these three R’s:

Risk Assessment & Management

Cybersecurity focuses on mitigating risk, not eliminating it. To truly understand the risks your healthcare organization faces, you must have a detailed understanding of how it operates. What information do you collect from providers and patients and how do you collect it? Where is it stored? Who has access to it? When and how do you dispose of it? These questions need to be asked and answered on a regular basis.

To reduce your cybersecurity risk, a good principle to follow is to collect only the information you need for business purposes and give employees only the minimum level of information access that they require to do their work. The hc1 platform provides a user access structure to control what information users can see and customizable roles that define what users can do with that information. For example, disabling the PHI (protected health information) permission on a role keeps users with that role from seeing file attachments with PHI. The hc1 platform also offers the flexibility to provide limited access to providers and specimen collectors. System administrators can view the audit log to track who has accessed or changed information.



It’s one of hc1’s core values, and we believe security is everyone’s responsibility. For example, all hc1 employees, even those who don’t deal directly with client data, complete annual HIPAA training. Cybersecurity shouldn’t be just a concern for tech folk, however. Training helps healthcare employees recognize that healthcare data is valuable and know what policies and procedures they need to follow in order to protect it. All employees need to be aware of the major legal and financial consequences a HIPAA breach could have for their organizations. Just as they wouldn’t leave cash out in the open, employees should secure their offices, workstations, phones, laptops, USB drives, faxes, files, and anything else that contains healthcare data. As all interns learn, don’t ever leave your computer unlocked and unattended, or you will get Hasselhoffed.


By safeguarding protected health information, healthcare organizations show that they respect their patients’ right to privacy. Respect is another of hc1’s core values (we have 6, in case you were wondering). As a HIPAA-compliant cloud technology company built from the ground up to address the needs of the healthcare industry, we treat cybersecurity as a key part of our culture.


How does your organization promote cybersecurity? Let us know on Twitter @hc1_HRM!
