The COVID-19 pandemic led to the urgent need for improved telehealth platforms for our patients and physicians, as well as the need to shift an in-office workforce of 25,000 to home. In this Q&A with our Data Privacy Team, we discuss how a strong, collaborative data security and privacy program played a critical role in allowing us to safely and securely continue operations and provide life-sustaining dialysis to our patients during the pandemic.
Q: At the onset of the COVID-19 pandemic, why was data privacy and security such a priority?
A: When we learned about COVID-19, we quickly identified the need to safely and securely maintain communication with patients and employees in a remote setting, where it was no longer sufficient to secure users behind a corporate firewall. In addition, we knew that as a healthcare company, we were at a greater risk of cyberattacks. As we adopted a telehealth platform and transitioned thousands of in-office employees to work from home, we remained vigilant about security practices and ensured data privacy remained paramount.
Q: How did data privacy and security play a role in keeping patients safe?
A: At the onset of COVID-19, it was evident that healthcare technologies, such as a telehealth platform, would be critical to reduce patients’ exposure to the virus.
After selecting a telehealth platform, the Data Privacy Team collaborated with the Information Technology Implementation Team to get the system online in an astonishing four days, allowing patients to receive the care they needed from the comfort and safety of their homes.
We reviewed the platform chosen to ensure it fit the requirements of the federal government and would be HIPAA compliant with end-to-end encryption to make it less vulnerable to cyberattacks. Using best practices, we are able to protect and monitor the confidentiality, integrity, and availability of data and networks, ensuring that data is accurate, reliable, and available when needed for our patients and employees.
Q: As the telehealth platform was developed, how did your team ensure that data privacy was top of mind for employees and physicians using the new tool?
A: Thanks to our foundational work on data privacy, the team had a road map for how to quickly and effectively implement training to ensure employees and physicians knew how to use the new platform in a safe manner. To keep data privacy top of mind, our team continues to provide training in a variety of ways, including for new hires and annually for all employees.
Information on data privacy was also incorporated into a centralized repository of all frequently asked questions. This provided a quick reference guide for employees and physicians, reinforcing how to safely conduct telehealth sessions.
Q: How did your team ensure data privacy remained a priority when the company transitioned in-office employees to work from home?
A: When there was a need to shift a large portion of our workforce to work from home, it was critical to retrain and educate employees about data privacy measures and cybersecurity awareness. The Data Privacy Team collaborated with others to deploy virtual workforce training that included reminders about virtual private network (VPN) safeguards, protected health information (PHI), and password protections. We also reeducated employees about spotting different cybersecurity attacks and how to handle them.
Additionally, we created a Privacy Champion Program (PCP) to establish experts at the business unit level who understand the privacy and security risks associated with the business-specific processes.
Q: Can you share more about how the PCP helps promote awareness of and adherence to data privacy and security within the organization?
A: The PCP allows the representative from each business unit to align with the Information Security Office (ISO) on strategies and activities involving data privacy, as well as provide insight for the ISO into business needs and initiatives. The program has allowed us to increase awareness about privacy by requesting or conducting training, identifying areas of opportunity, and providing feedback on planned training programs.
In addition, each team member of the Data Privacy Team has been assigned to a business unit, ensuring data privacy is present in everything we do throughout the organization.