The IT help desk, or service desk, could arguably be one of the most important aspects of security in a healthcare system. It’s often the first point, or only point, of contact for the organization’s staff with the IT department. It’s also true that lives can be held in the balance if a clinician can’t access needed data. That’s why CISOs think hard about how to train, maintain and resource a good service desk.
“Typically, when they’re calling us it’s because they have a problem or an issue, they’re looking to get that issue resolved as quickly, efficiently and expeditiously as possible,” said Kathy Hughes, VP and chief information security officer for Northwell Health, on a recent panel. “It’s likely preventing them from doing their job, which could include providing direct clinical care.”
“It’s extremely important that the help desk be not only knowledgeable and educated about how to address the users, but also for them to be very courteous, professional and empathetic,” Hughes said. “Because they’re that first line of defense, their role is absolutely vital to the organization.”
Colleen Sirhal, RN, BSN, chief clinical officer and VP, Customer Success, Hyland, said the importance of the help desk comes down to the mission of the organization. “A nurse or a doctor sitting in an emergency department dealing with a trauma case, who suddenly can’t access an image; that’s really scary,” she said. “And while they may be really calm, there is an urgency, and we need to get all the right people engaged at the right time.”
Teresa Tonthat, VP and associate CIO, CISO, for Texas Children’s Hospital, noted, “Typically, when someone calls our service desk, we have indicators if it is related to patient safety or if it’s a request for more of a less acute need for business operations. I am pretty proud that we’re able to hit our metrics of 70% first call resolution, because we all know not every call that comes in the help desk can be resolved by an agent on the line.”
Tips for Building a Good Help Desk
Empowering the help desk is key. “You never know what questions are going to come in,” Hughes said. “So it’s really important to make sure that there is very comprehensive, searchable, easy-to-find knowledge for the help desk agents to access so they can be as productive, efficient, and helpful as possible.”
Having a flexible support model is also important, said Tonthat. Texas Children’s service desk gets around 15,000 to 21,000 calls a month. “So I think it’s very important that we’re able to have a support model that can flex and surge when needed,” she said. “When we have a significant change in our environment, or we have an EMR upgrade, we’re afforded the ability to flex our service desk team for all the shifts when nurses and clinicians come on site.”
When it comes to the help desk, the conversation shouldn’t just be about technology, it needs to be a people, process and culture conversation, Tonthat said. Texas Children’s flies help desk agents in to do rounding. “You have to be on the floor to really know the heartbeat of what’s happening at the hospital,” she said. “And I think that goes a long way, no matter if we partner with an outside resource or are using our own staff. It’s important that they know they’re an extension of Texas Children’s and not just an SOW we signed.”
Security’s Role With the Help Desk
Leadership structure can help to strengthen security. Northwell recently reorganized, with the IT department and the help desk both reporting directly to the CTO, and the CTO reporting to the chief digital officer. “It’s really bringing all the different technology groups in sync under one area to enable us to focus as a team, collaboratively,” Hughes said. The IT department continually provides the help desk with training about cybersecurity threats pertinent to healthcare. Help desk agents are given the skills they need to explain to the caller what the protocols are and why the protocols are in place.
Tonthat noted a fundamental shift over the past 10 years, making cybersecurity everyone’s responsibility — not just the CISO’s or the CIO’s. “We’ve turned our awareness training team into a marketing team because you need to make sure you can reach the audience (our staff), because they all receive information differently. How I talk about security to a nurse will be very different from how I talk to someone that works in my finance department or my legal department. So you have to know how they like to consume awareness information and then simulate it in a way that it makes sense to them.”
To view the archive of this webinar — Helping the Help Desk Fend Off Latest Wave of Cyberattacks (Sponsored by Hyland Healthcare) — please click here.
Share Your Thoughts
You must be logged in to post a comment.