Category: Organizational Behavior
Are Women and Men Managers Really That Different?
by Paula Lovell on August 3, 2010 | 6 comments
in Organizational Behavior, Productivity, Small Business
By nature and by trade….I am interested in communications.
I had a lot of fun bantering back and forth with Jim Blasingame, well-known Small Business Advocate, on his recent radio show devoted to small business owners. We were discussing male and female managers and, although we were talking in grand generalities and had a lot of laughs, we agreed there are some very basic differences in the way men and women communicate and perform as leaders. It emanates from the fact that, in general, the sexes process information differently.
I was first alerted to the “science” behind those differences when listening to a lecture given by biological anthropologist Dr. Helen Fisher. After much study of the way the sexes think and communicate, Fisher points out some interesting capabilities of most women. In her book, The First Sex, she lists many common characteristics, including:
- a capacity to read postures, gestures, facial expressions and other non verbal cues;
- excellent senses of touch, taste, smell and hearing;
- an ability to do and think several things simultaneously;
- a broad contextual view of any issue (called web thinking);
- an impulse to nurture;
- and a preference for cooperating, reaching consensus and leading via egalitarian teams.
By comparison, and generally speaking, men have their own set of natural talents, that include:
- a superb understanding of spatial relations;
- a talent for solving complex mechanical problems;
- an ability to intensely focus on one thing at a time;
- and a gift for controlling many of their emotions.
According to Fisher and many other experts, these differences play out in the management ranks of the workplace in a number of interesting ways. Women make good strategists because they collect a broad range of information and look at issues or crises from a holistic perspective. They want to gather data, look at all the angles, negotiate consensus, and talk through the options before settling on a position or resolution. Men on the other hand are more reactive, dictatorial and focused on securing a swift and tidy resolution – sometimes with or without “buy-in” from colleagues, employees or associates. Men will occasionally view women as not being focused; women can see men as being narrow-sighted or having “tunnel vision.”
In terms of which style is more effective and will produce better results, I think the answer is: Both. And that is precisely why it is so important for businesses and organizations to have women and men leaders at the top, working on senior strategy, jointly call the shots during challenging times and bringing complementary approaches to the management of business.
What do you think? Is this all malarkey? Have you had an experience where you noticed such a difference between the styles and strategies of men and women leaders?
Your Social Media Policy Needs More Than Teeth … It Needs Bite
by Rosemary Plorin on June 16, 2010 | 1 comment
in Healthcare, Organizational Behavior, Social Media
From the moment we learn to walk and talk, human beings quickly learn that life is structured with rules. But as we master walking and talking and move on to, say, whispering and tiptoeing, we quickly realize that rules without consequences are rarely motivating.
As the Mother of a dear and devious four-year-old, I’m keenly in touch with this educational concept. For my little darling, a rule without a consequence is like a 20-inch, rainbow-striped candy cane: she can’t resist breaking it. Rules are just words; consequences impact actions.
For many of us, understanding the relationship between rules and consequences is a lifelong learning process. Enter five nurses in San Diego accused of violating their employer’s social media policy. Local news reports indicate the nurses “posted personal discussions concerning hospital patients” on Facebook. The CEO of the hospital has said “no patient names, photographs or similar identifying information appear to have been used,” but has indicated his intention to fire the five nurses and discipline a sixth. The California Department of Health has launched its own investigation. A union representative with the California Nurses Association has defended the nurses, who are entitled to a hearing under California law.
Presumably, the hospital has a clear social media policy it has communicated well to employees. Presumably, that policy articulates the expectations of employees while on the Internet – for either personal or professional use. And presumably, the potential consequences of violating that policy were well-defined and commonly understood by the hospital’s workforce. While I’m sure it was a difficult decision for the CEO to take this personnel action, it shouldn’t be unexpected consequence.
The case is anticipated to drag on for months, and the spotlight will likely not fade. The industry and its many ancillary players will be watching this with (self) interest. The impact and potential consequence to hospitals and healthcare providers for violating the federal laws of the Health Insurance Portability and Accountability Act (HIPAA), and its sister legislation, the Health Information Technology for Economic and Clinical Health Act (HITECH), are real … and the$e con$equence$ have bite.
Under these laws covered entities and their employees must act responsibly and play by the rules – and with the passage of HITECH, so must their business associates.
Rules are rules, and consequences are consequences.
No, really. They are serious about it.
by Andrea White on May 14, 2010 | no comments
in Crisis Communications, Healthcare, Organizational Behavior
HIPAA Enforcement is Hiring and Gearing Up for More Activity
Alerting all healthcare communications staff: we have fresh confirmation that a new era of diligence has begun at the Office of Civil Rights (OCR) for HIPAA enforcement of privacy and security. And as you know, security breaches lead to public relations nightmares, especially when a regulatory investigation is involved. And, officials are reminding us that they can now impose penalties of up to $1.5 million per violation.
Since the enforcement of HIPAA regulations moved from HHS to OCR in 2009, and actual enforcement began in February of 2010, there have been more than 75 health information security breaches reported that affect 500 or more people. OCR is taking this trend very seriously. In fact, Susan McAndrew, deputy director for privacy for OCR, made some enlightening comments earlier this week at an OCR-sponsored conference held in Washington, D.C.
It turns out OCR has added more investigators to their staff in 10 regional offices with the goal of investigating even more security breaches per year than had been projected when the office first staffed up. Right now they are conducting “compliance reviews” to help the 75 organizations with existing data breach issues to take corrective and preventative actions.
But consultants from Booz Allen Hamilton are in the process of helping OCR launch a new model for security rule audits – one that prioritizes pre-emptive action. Later this year OCR plans to begin these proactive audits of covered entities and business associates. Their goal is to identify and address security weaknesses in advance so that breaches are prevented.
Reports from the conference indicate that the auditors will be checking to see if organizations have completed their risk assessment and implemented appropriate administrative, technical and physical safeguards for protected health information (PHI). They will also be evaluating the organization’s efforts to uphold an individual’s right to access their own medical record and confirming that internal controls have been put into place to control unauthorized access to PHI.
Advice from the Information Security professionals on the front lines?
- Create comprehensive security policies and procedures based on thorough risk assessments;
- Train and re-train staff on steps to keep information secure;
- Consider whether to store sensitive patient data on fewer mobile devices; and
- Be sure to shred paper documents before disposal and destroy hard drives no longer in use.
Most of the security breaches to date have been the result of hardware theft – laptops, hard drives, thumb drives, etc. As a result, most information security officers are starting with enhanced protocols around encryption and making strategic determinations about what data should be stored on these devices, as well as enhancing physical security.
This doesn’t end at the doors of your organization. A new report from New Mexico serves as a warning to healthcare organizations nationwide to check on the security protocols of subcontractors. The New Mexico Medicaid program is currently advising almost 10,000 people that their medical data has been compromised due to a computer theft from the car of a subcontractor.
Some other risk factors have come up that are less obvious. Leased copiers with a hard drive may be a security risk if the hard drive is not wiped before returning it at the end of the lease. Likewise, phones and voice mail, as well as email, are not generally encrypted, leading to another set of risks. And in one case, a security patch download for one software program endangered the security of PHI held in another program on the same system.
But honestly, the most prevalent risks stem from inadvertent actions by employees. One of the most important things that an organization can do to avert breaches is to adequately train employees and provide clear guidelines about protocols, the reasons for those protocols, and the risks associated with breaking those protocols.
As the person charged with communicating the value of the brand, you are in a unique position to assist in this kind of employee communications in a way that will bring it all home to them and people will remember what is at stake when protocols are inconvenient.
The bottom line is that communicators have a key role to play. Let’s face it. For all of their good intentions the CIO, CFO, and legal officers of a healthcare organization may not be able to provide a good calculation of the impact this kind of breach will have on your market reputation and the costs required to repair it after a breach. Patient loyalty, brand reputation, and good relations with other health information business associates are assets with value, and this value needs to be reflected in the organization’s thorough risk assessment.
So is your healthcare organization ready for an OCR audit?
Have you included all of the true risks in the risk assessment?
What are you doing to better protect your data, train your employees, and prevent data breaches?
Any advice for your peers in other organizations?
Andrea White specializes in communications issues related to health information technology and the HITECH Act. Stay tuned for more blog entries on this subject in coming weeks!
Sources:
“Breach List: A Call to Action? With so many incidents, security funding could get a boost,” http://www.healthcareinfosecurity.com/p_print.php?t=a&id=2505
“HIPAA Audits: A Status Report,” http://www.healthcareinfosecurity.com/articles.php?art_id=2517&rf=2010-05-12-eh
“OCR Boosting Security Enforcement,” http://www.healthdatamanagement.com/news/privacy_security-40268-1.html?ET=healthdatamanagement:e1267:25859a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_051210
“N.M. Medicaid Breach Affects 9,600,”
http://www.healthdatamanagement.com/news/breach-theft-laptop-medicaid-40279-1.html?ET=healthdatamanagement:e1269:25859a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_051310
“Civil rights office steps up health privacy enforcement,” http://govhealthit.com/newsitem.aspx?nid=73735
The power of “sorry”
by Rebecca Kirkham on April 29, 2010 | 1 comment
in Crisis Communications, Healthcare, Organizational Behavior
Mistakes happen. It’s a sad truth that anyone who works in healthcare – even those of us far removed from the frontlines – knows all too well. However, I recently caught a fascinating new documentary that made me think about patient safety in a new light.
Narrated by actor Dennis Quaid, whose newborn twins almost died as a result of an overdose of a common blood thinner, Chasing Zero: Winning the War on Healthcare Harm, provides insight into why mistakes occur and what can be done to prevent them. For example, I was fascinated to learn that a survey of board members at hospitals with poor quality performance revealed that nearly all of them regarded their quality as “above average.” As you can imagine, this kind of denial factors heavily into a hospital’s willingness to adopt systems, technology and a culture that supports patient safety.
Denial can color how providers handle mistakes as well. Many providers who have erred immediately go on the defensive, avoiding direct communication with the patient or routing all contact through risk managers or attorneys. (While it should be noted that Quaid now praises the hospital that made the mistake with his twins for its willingness to enhance patient safety protocols, it’s jarring to hear him recount how he learned of the error).
Though powerful in its own right, the documentary made me reflect on the Sorry Works movement, which advocates direct communication between hospitals and patients or families who have experienced harm as a result of a preventable medical error. The Sorry Works initiative encourages hospitals to:
- Tell the patient or family what happened in plain language;
- Accept responsibility as appropriate;
- Apologize;
- Describe what will be done to prevent similar events in the future.
It’s a simple, common-sense approach that has helped many hospitals reduce litigation while fostering goodwill with external audiences. Most importantly, it provides immeasurable comfort for patients and families. Though it was developed for use in a healthcare setting, any business can use these same principles to navigate a crisis. I highly recommend reading more about Sorry Works and taking the time to watch this fascinating documentary.
Healthcare Marketers: Get to Know Your CIO
by Andrea White on April 13, 2010 | no comments
in Crisis Communications, Healthcare, Organizational Behavior
The HITECH Act has significant implications for communicators
A whole new area of risk is coming to the fore as the country rapidly moves to digitized personal health information (PHI). Physicians and hospitals will soon receive enhanced reimbursements for using electronic medical records and earn incentives for sending electronic prescriptions. As usage of electronic PHI grows, there are new risks for breach of that very sensitive data, and healthcare communicators need to be ready.
Since new notification regulations went into effect on February 22, fifty-six data breaches have been reported in which the PHI of 500 or more people has been put at risk. I know this because it is posted on the HHS web site mandated by the HITECH ACT. But for even more information on the subject all I have to do is turn to HealthInfoSecurity.com and the Open Security Foundation, both of which search primary and online news sources to gather information on new data breaches and further spread the news. It is easy research to do…for me or for a reporter.
Professional healthcare communicators know that a large PHI breach requires at least a substantive and reassuring press release and similar notification for affected individuals. But did you know that there are now regulations for exactly what that press release and personal notification must include, when they must occur, and what resources must accompany them? If you post an announcement on your web site, utilize a 1-800 number, or make resources available online, there are additional guidelines that must be followed.
As communicators charged with restoring your organization’s reputation once a crisis has occurred, this may be an opportune time to go have lunch with your CIO, become familiar with the security safeguards that are in place for PHI, and learn about the regulatory requirements. Think of it as business continuity or disaster planning.
The potential costs are real. The Poneman Institute conducts an annual study across industries to measure the real costs of data breaches including legal expenses, the cost of investigation and consultants, loss of customers, and other factors. In 2009, the average cost per compromised record was $204 — which adds up very quickly since any breach generally impacts large numbers of records. 2009 incidents studied by Poneman ranged in cost from $750,000 to nearly $31 million. And, predictably, they observed more volatility around healthcare customer churn than in any other industry.
Here are some steps you can take now to prepare for a possible PHI breach in the future:
- Understand the potential cost to the organization’s brand, to patient loyalty, and in actual expended dollars.
- Work with your I.T. department to conduct a technical risk assessment and understand the scope of data that might be affected.
- Learn about the security safeguards already in place in your organization and get a high level understanding of how the data systems are structured. Draft some talking points in advance for quick reference.
- Assist employee training efforts to prevent inadvertent data breaches. As a professional communicator and steward of the organization’s brand, you should be the perfect person to develop the messages regarding what is at stake.
- Get a working knowledge of the regulatory language around data breach notification to individuals and to the media.
- Develop a quick reference plan encompassing practical steps and regulatory requirements for what to do after a breach.
So far, planning for HITECH has stayed in the CIO’s court, but it is time for Communications to get in the game as well. Don’t wait for a breach to happen before learning about your data systems and related regulations. Just think how much easier it will be to translate it all into English now rather than waiting until you are in the crunch.
Andrea White specializes in communications issues related to health information technology and the HITECH Act. Look for more blog entries on this subject in coming weeks!
The Realities of HIPAA in Social Media
by Rosemary Plorin on April 6, 2010 | 1 comment
in Healthcare, Organizational Behavior, Social Media
Part Two in the discussion of PR and Legal Counsel as Uneasy Bedfellows and Strategic Partners
The number of hospitals and healthcare providers jumping into social media increases daily. (Check out Ed Bennett’s impressive resource if you don’t believe me). Like most all consumer-driven businesses, hospitals are eager to reap the value that social media can deliver – often with remarkable cost efficiency.
Healthcare administrators’ apprehensions about the perceived liabilities of social media engagement seem to have abated as marketers have become increasingly adept at addressing management’s main concerns:
“What will we do if someone criticizes us?” Apply standard service recovery techniques and have a clearly articulated and well posted disclaimer about removing inappropriate posts.
“What can we do about employees spending time on Facebook during work hours?” Have a plain-language social media policy; propagate it thoroughly and often.
But just as anxiety in the hospital c-suite begins to wane, dyspepsia spreads around the legal department and the attorneys pull out their favorite trump card: HIPAA. The PR vs. legal clash is on.
Fortunately, a growing number of marketing sensitive attorneys are stepping into the discussion, reminding their peers about whom the Health Insurance Portability and Accountability Act applies: covered entities, meaning hospitals, providers and now authorized business associates. Patients and family members are not covered entities under HIPAA. So it’s not a HIPAA violation for a well-meaning daughter to post that her father received great care at General Hospital after his stroke from uncontrolled diabetes.
Media and internet attorneys will also explain there is no liability for General Hospital to sponsor or even own the site on which the daughter makes the post. Providers of interactive services (such as a Facebook fan page or hospital blog) are protected by provisions of the Communications Decency Act. So long as the social media team at General understands it should never edit posts (though it is free to remove them), the liability just isn’t real.
This is not to suggest that hospitals and other healthcare providers should enter into social media blindly. But if your market research and planning indicate it’s time to go social, legal concerns needn’t keep you in Web 1.0.
Lead by Example (and examples of leaders)
by Rosemary Plorin on February 11, 2010 | no comments
in Organizational Behavior
Our firm is fortunate to work with a number of really remarkable business leaders – successful men and women of intelligence, vision, intuition and guts. We’re honored to work with them, and humbled by how much we learn from them.
Opportunities to learn and grow from examples of leadership (good and bad) abound in the headlines of any given day:
Toyota’s recent recall problems … Waste Management’s decision to put their CEO (and their brand) on a reality TV show … the New Orleans Saints risky decision to do an onside kick at the open of the second half of Super Bowl XLIV … Sarah Palin’s key-note address to a new political movement.
Each of these issues is, or will be, a study in leadership. How the organizations are led through change/opportunity/risk/challenge will determine how these organizations succeed … or not.
Among the many leaders our firm has been fortunate to know over the years is our dear friend, Chuck Lauer. Chuck was publisher of Modern Healthcare for more than 25 years and continues to be a highly regarded leader in healthcare. His recent editorial in Becker’s Hospital Review is an excellent insight into the qualities, characteristics and requirements of true leadership. I hope you enjoy it as much as I did.
Toyota’s Tough Times Create Credibility Crisis
by Paula Lovell on February 9, 2010 | 4 comments
in Branding, Crisis Communications, Organizational Behavior
Times are tough at Toyota. What with the piling on of slippery floor mats, sticky accelerator pedals and faulty brakes, it’s no wonder they are experiencing serious damage to their brand. And they’re taking a lot of criticism for the way they are handling the crisis.
The crisis managers at Toyota have got their work cut out for them. It’s not going to be as simple as offering an apology for the anxiety and inconvenience created by the recent recalls. New evidence reported in the New York Times indicates Toyota has a long and disturbing history of trying to cover up defects in quality and safety.
Now, it’s not just the latest double dip of recalls that Toyota has to overcome. The problem appears far more systemic: If it is true that Toyota has repeatedly been aware of safety issues and consciously waited up to eight years (while they were developing new replacement models) to recall the cars that were potentially putting Toyota fans and their children in the line of danger, they have violated consumer trust. Perhaps permanently.
For decades, Toyota has enjoyed the kind of customer loyalty that was the envy of every American corporation. There are blogs, member organizations, Facebook pages and all kinds of online chatter from people who call themselves lifelong fans of the car manufacturer, many who have said they would never own anything other than a Toyota. And why do they love this brand so much? Quality and reliability. Ouch.
There is only one way Toyota is going to regain its credibility with its customers and the market: prompt response and complete transparency. They’ve got to aggressively get the parts to the dealers and get these cars off the road as quickly as possible and with minimal inconvenience to the customer. They’ve got to offer special service checks and insurances for a long period of time, 24/7 hotline phone numbers and online access for people to talk to service experts, daily progress reports to the media, bloggers and the international public and aggressive incentives for new buyers. Most importantly, they should throw out the people who made the decisions not to issue recalls sooner when it came to choosing between their admiring public and corporate greed.
These are not “PR strategies.” Or are they? The only thing that is going to save Toyota is for its leaders to start thinking of their business from the customer’s perspective. When they start to relate better to all of their publics (customers as well as shareholders), they can work through this credibility crisis and re-emerge, albeit it in five to ten years, as a dominant and trusted corporation.
We are, after all, a forgiving and forgetting public.