“The media is not going to play fair with you.”
It was a bold statement made by Steve Bennett during a session at CHIME on managing communications during a crisis, and one I agree with wholeheartedly. When there’s a scoop — or in some cases, even the possibility of a scoop — media outlets are going to run with it. “Even speculation of patient harm is news,” said Bennett, who is VP of Healthcare IT Recruitment at Kirby Partners.
And where in the past, news of patient data breaches and failed go-lives may have been confined to the hospital’s four walls (at least for a while), that’s no longer the case in today’s social media-driven world, where news travels like wildfire. Officials at Sutter Health in California barely had time to breathe before news of a major EHR crash in August went public, and organizations like Advocate Health that deal with large-scale patient record leaks are forced into crisis management mode.
And Advocate certainly isn’t alone. According to Bennett, some 22 million patients have had their records accessed through breaches, and the trend isn’t going to subside anytime soon.
In other words, if it hasn’t happened to your organization yet, brace yourself, because it probably will. And when a crisis hits, Twitter and Facebook will have a head start, and so it’s critical that CIOs and other leaders have a plan in place and are ready to act swiftly and intelligently.
In explaining how best to do that, Bennett and Kelly Styles, CIO at Connecticut Children’s Hospital, offered best practices from their experiences and those of several colleagues who have experienced PR nightmares such as major outages and theft of VIP patient records. And although the scenarios differed, there was a common thread: when the heat is on, leaders need to lead.
Jon Manis, CIO at Sutter Health, urged his peers to “get out in front” of a crisis, “and don’t avoid tough questions.” Styles concurred, adding that CIOs need to “be visible” and cannot make the mistake of letting others take bullets. “This isn’t the time to delegate downward.”
Jim Veline, CIO at Avera Health, emphasized the importance of preparedness, advising CIOs to start with an environment assessment to make sure all the gaps are covered. “Determine an action plan before an event happens,” he noted.
However, as both Bennett and Styles pointed out, although it’s important to address the situation right away, it’s also critical to avoid knee-jerk reactions. One way to do this is to quickly issue a statement along the lines of, “We are aware of the situation and are taking steps to mitigate it. We’ll provide an update every 30 minutes.”
This way, according to Bennett, CIOs can acknowledge the crisis without giving out incorrect information. (Leave that to quick-fire Twitter and Facebook posts.)
They also advise taking the following steps:
- Run frequent tests of the crisis communication strategy, assess the results, share with the team, and make adjustments as needed
- Have a statement ready in the event of a crisis
- Preselect a high-level spokesperson (in addition to, not instead of, the CIO)
- Avoid the use of “no comment” at all costs
- Designate a call center and have a script ready to handle calls from the media and patients (consult a PR agency if needed)
- Don’t go it alone — contact your vendor and organizations like CHIME for help
It may not seem like it at the time, but a crisis can turn into an opportunity to improve processes and become better prepared for future events, said Bennett. Smart CIOs, however, won’t wait until disaster strikes to have a plan in place.
After all, we know the media won’t wait.