The folks from Cutter just notified me that an excerpt from a recent article I wrote, “Learning from a Privacy Ombudsman: A Case Study to Establish a Healthcare Services Ombudsman,” will soon be featured in the “Quote of the Day” section of the Cutter Web site.
Here’s the excerpt…
“Despite an organization’s best efforts to create a positive experience with their customers, patients, and employees, and to provide the most effective safeguards possible for personally identifiable information (PII), there will always be issues and incidents that occur to create dissatisfaction and friction. This type of conflict often remains unknown to the organization until it festers and spirals into a full-blown situation of bitterness and alienation among unsatisfied and frustrated folks.
To resolve these types of situations, smart organizations create safe outlets that allow customers and patients to express their concerns and complaints in a way that will be addressed by the organization to the mutual benefit of all involved.
A good way to provide this type of outlet is through the creation of an ombudsman role. An ombudsman acts as a neutral entity to work within, or for, an organization, providing a way to allow individuals to confidentially express issues and concerns. An ombudsman can provide mediation services to help people resolve disputes and also refer individuals to other third-party mediators to help manage conflicts.
An ombudsman can be an employee of the organization, or the organization can bring in a full- or part-time ombudsman from outside. The roles and responsibilities must be clearly defined to ensure the independence, neutrality, and confidentiality of the information obtained by the ombudsman. Without these characteristics, customers, patients, and employees will not trust the ombudsman, will view this position as just an instrument of management, and will not turn to the ombudsman for help.”
You can download the full article from the Cutter site; it is a subscription service, but they also sell the individual articles.
If you read it, please let me know your thoughts!
Tags: awareness and training, healthcare, Information Security, IT compliance, policies and procedures, privacy breach, privacy ombudsman, risk management, security awareness, security training