Thursday, 10 March 2016

What Happens In Vegas...

The thing I love about my job is that I get to become an armchair expert on a wide range of businesses - this time it was the monolith that is the US Healthcare Industry. Yeah - I’m a hoot at parties. Not that I get invited out anymore - not since the buffet incident of Christmas 2012.

HIMSS16 (Healthcare Information Management Blah Blah) is this years big top event for anyone running IT in a clinical environment - or vendors who seek to help them spend their IT budget.  I was there to learn about the business and understand HIPAA Regulations. The reason?

Restricted Intelligence (Healthcare Edition)

Oh yeah - a comedy series set in a clinical practice or hospital that highlights best (or worst) behaviours for employees (medical AND administrative) in the quest to protect PHI (Patient Healthcare Information) - Look at me all TMA’d up. (Totally Meaningless Acronyms).

Same ‘ol Same ‘ol
The presentations security covered the kind of issues we’ve come to expect (Cybersecurity “posture”, Best practices, Cloud security, Managing Risk, The gap between C-level & IT) - as well as fascinating Case studies etc. There was a particulate case study about a hospital who had elected to PAY $17,000.00 to get some access back to its network after a Ransomware attack.  Interesting. A week of post-it notes only will do that to ya...

A Loser for User Awareness?
One thing struck me though. Despite the fact that almost every one of the presentations I saw (about 10 in all) mentioned employee education or training - there were almost NO vendors providing exclusive awareness training for hospital employees. Yes - because HIPAA states that this must happen - there were some vendors including a BIT of this necessary evil within their HIPAA management offering, but precious little specialisms and certainly nobody being creative about it. I am not surprised - even the mainstream SC awards in the UK have NO category for security awareness within it’s awards canon. Duh.

So - the question remains for us:

Is comedy an appropriate tool in the healthcare environment, or must employees remain battered by pure CBT, E-learning and the interpretation of legislation for their awareness development?   We hope that we can make a difference, and follow the success of the mothership (, and the conversations I was having with my newfound group of friendly IT Healthcare professionals (You know who you are, Texas Chapters!) were ll very positive indeed - with one chap offering to resell our packages right then and there.  Easy tiger - we’ll get to it. Restricted Intelligence Healthcare Edition (“Scrubs" with Passwords) will be created later this year and released at HIMSS next year one way or another. If you’d like to be on board for this - drop me a line at, or if you just can’t wait - check out the mother ship above. We’re about to shoot season 4, so there’s plenty to go for in the meantime.

Thanks HIMSS and thank you Vegas. It’s been emotional.

No comments:

Post a Comment