Question: How can I get support from management for my risk management program?
Answer: This is a very common question. Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, provided the following suggestions in a recent blog posting for Clearwater Compliance LLC:
1. Get a friend on the executive team. If you don’t already have an ally in the boardroom, align yourself with someone on the executive team. Try to secure a friend in the “C-suite” who understands risk management, such as your organization’s legal counsel, CFO, Medical Officer, or COO, Chaput suggested.
2. Don’t harp on “compliance.” When you’re talking with management about risk, talk about “patient safety” and “quality of care” instead of “compliance,” Chaput recommended. “Talk about how the confidentiality, integrity and availability of health information is critical to patient safety and quality of care.”
3. Set up a risk management oversight council or committee. According to Chaput, the council or committee should be responsible for:
4. Establish a risk management working group. According to Chaput, this should be a cross-functional group that’s responsible for:
5. Align your recommendations with business strategy. Ensure your recommendations will improve the protection of health information but won’t disrupt operations unnecessarily, Chaput recommended. “Focus your compliance and security recommendations on ensuring customer trust and creating a competitive advantage.”