Thought leadership from SAI to accelerate your performance

Systems Alliance Blog

Opinion, advice and commentary on IT and business issues from SAI
Keyword: healthcare

Last week the Department of Health and Human Services announced a $218,400 settlement with St. Elizabeth’s Medical Center in Brighton, MA relating to a HIPAA compliance violation. 

This enormous fine wasn’t the result of employees deliberately leaking information.  It didn’t come as a result of a major data breach caused by criminal hackers.  It came about because hospital administrators didn’t have adequate controls in place around their IT.

From the Boston Globe:

“The settlement… comes after federal regulators investigated a 2012 complaint that employees at St. Elizabeth’s used an Internet-based document sharing program to store health information of at least 498 patients.”

Employees who likely meant well started putting sensitive data into the cloud.  That’s a major shadow IT headache for any organization.  For those businesses that are subject to HIPAA or other compliance requirements, it’s also a very expensive headache.

Back to the Globe:

“Organizations must pay particular attention to HIPAA’s requirements when using Internet-based document sharing applications,” Jocelyn Samuels, director of the HHS’s Office for Civil Rights, said in a statement. “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”

Think this can’t happen to your organization? Wrong.  According to the AMA, even if you’re in the dark about the rules you can be fined up to $50,000.  That’s a lot of money for an honest mistake.



If you’re handling any kind of sensitive patient data on your network, now is the time to take notice. Here’s where you should be focusing your efforts:

Training, Training, and More Training: Compliance issues are a people problem, not a technology problem. Having organization-wide understanding of compliance obligations is non-negotiable.  Eradicating shadow IT and making sure that all of your employees understand why they can’t use the latest fad cloud application without permission is vital.  Stop letting users make mistakes out of ignorance.

Policies and procedures and tools to share them matter.  Doctors may take an oath to do no harm but if they or other staffers don’t know the rules, how could they know if they’re hurting patients through noncompliance?




User Proofing Wherever Possible: Having active control around where sensitive data is stored and how it is transmitted is crucial.  That means you need a technical solution in place to enforce control obligations.  Systems that don’t enforce the standards by default will burn you.  This could be anything from automated filters to watch for particular content in emails, to encryption software that secures data at rest. 

Robust IT Governance Processes: Is your IT department disconnected from the strategic direction of the business?  How well aligned are IT’s priorities when compared with the end users?  Fixing gaps like these discourages users from trying to implement shadow IT.  If stakeholders are engaged through an IT Steering Committee or other governance structure they have the power to keep IT aligned with their needs.  There’s no reason to go it alone if you’ve got organizational partners who are focused on enabling the business.

Not sure where to get started?  SAI can help.

To begin evaluating your redesign, you'll need objective and subjective measures for a 360-degree view of performance. For objective metrics consider starting with the following widely used Web stats:

  • Growth in traffic to key sections of your Website
  • Visitor navigation patterns – are visitors actually going to the pages you want them to, and how are they getting there
  • Change in abandonment rate on key pages
  • Referrer statistics – where is the traffic coming from
  • Growth in conversions – however defined for your particular business, e.g. sales leads, online transactions completed, customer inquiries, etc.
  • Pay-per-click advertising activity (if applicable) – growth in click-through rate and more importantly, conversions.
  • Number of pages updated or created on a monthly basis (fresh/relevant content is critical)

Drilling In

Going a step further, consider which specific metrics make sense for your site and business. Your answer will depend on industry and organization, so consider these examples:

  • Retail – growth in number and value of online transactions, basket composition (cross-selling effectiveness), reduction in phone/email customer service inquiries, growth in customer feedback on products/transactions (engagement)
  • Higher Education – Growth in number of applications for admission and requests for information, growth in giving/donations, increase in yield (shows engagement with prospective/accepted students).
  • Healthcare – Increased number of appointments via online channels, growth in online transactions and services (increasing operational efficiency), improved customer/patient satisfaction.
  • Associations – Membership growth and renewals, product/service sales to members, reduction in phone/email customer service inquiries.

Subjective Metrics
Beyond objective metrics, it is useful to understand how site performance impacts internal and external stakeholders. In terms of internal stakeholders, interviews can be used to understand what, if any, impact your Web transformation had on those aspects of the business that are most directly affected by your Web presence. For external stakeholders (your Website visitors) you can accomplish the same thing with an online survey. Yes, surveys can be hit or miss, but they’re still effective if properly implemented.

The Bottom Line
Your Web transformation project can have a significant impact on your organization’s success. Simply going through the motions, e.g., improving the UI, does not guarantee your site will end up performing any better. And, sometimes, even well-planned projects miss the mark – though this is a far from tragic outcome if you know how and why.

The intent here is to understand the impact of our efforts. If the results are all positive, we have an opportunity to demonstrate, in a reasonably objective way, the transformation’s impact on our business and to gain a view into the return on investment of our efforts. If our analysis indicates our efforts have not been as successful as we would like, there is no need to panic, since we should have the information we need to make appropriate course corrections. Either way, this measurement activity provides us with actionable information to help us optimize our Web management efforts, and this is in reality a never-ending (and rewarding) process.

Jul 2015