eHealth Articles & White Papers
Bridging the Divide Between Marketing and IT
Ben Dillon - Vice President & eHealth Evangelist and Linda Barnes - Vice President of Business Development
If you are in charge of your hospital's website and it stops functioning properly, you must answer to key stakeholders, both inside and outside of your organization, who want to know what went wrong and what steps are being taken to fix the situation. Unfortunately, the department responsible for answering the tough questions can sometimes be different from the department that has the answers.
How do you ensure your site receives the appropriate level of attention in the event of a disaster or security breach?
The divide: Marketing and IT
In the majority of healthcare organizations, the marketing department typically owns the website. The IT department tends to be responsible for security: they manage security standards and ensure proper measures are in place to protect the hospital and its website.
Both departments understand and would agree that online security and uptime are important. But is that enough to get you through in a crisis? If your facility's data center is hit by a hurricane tomorrow, where does restoring the website fall on your list of to-do items? What if a patient's personal information accidentally becomes accessible through your website? How quickly can you respond?
It becomes difficult to manage the roles and responsibilities between marketing and IT if you don't set clear expectations in advance and instead wait to figure them out after the disaster occurs.
The role of marketing/communications
As a marketing professional, you are responsible for your organization's image in the marketplace - your brand. As a communications professional, you are responsible for communicating to all of your various audiences, even - or perhaps especially - in the case of a disaster or security breach.
If your data center is destroyed by a natural disaster and your website goes down, you lose an important channel to share information with your audiences. Prospective patients who can't access your site may decide to go to a competitor hospital because they don't know if your Emergency Department is functional. You also lose the functionality and interactive component of your site. Patients can no longer pay their bills online. Will they mail them in or just wait for your website to become available again? How significantly will that impact your hospital's cash flow?
Not all IT professionals understand the full value that a website provides; they may simply see it as an online brochure and therefore rank it low on the priority list for their disaster preparedness planning or security reviews. For healthcare organizations that do not have a constructive working relationship between their Web or marketing departments and IT departments, that division can cause communication problems when security is challenged.
The role of IT
As a technology professional, you are responsible for balancing many priorities, especially in the event of a disaster or security breach. You may assume that your website doesn't have any secure information or, if it does, that the marketing department owns the website and will take responsibility for it.
First, your website undoubtedly has information that you need to protect, and you may be legally responsible for doing so. Even if you don't have Personal Health Information (PHI) on your site, you likely have some information that requires a high level of security. For example, if a patient submits information about a health condition on your "Contact Us" form, that becomes PHI.
It is best to protect your data as if it includes personal health information. This means your server should be managed by an IT professional who is equipped and trained in supervising protected information for the healthcare industry. The IT professional should be responsible for your organization's technical security (such as firewalls) as well as physical security (it should be next to impossible for a person to unplug and walk out with the server).
Second, not all marketing professionals understand the complexities of security and disaster preparedness and will likely need your expertise in dealing with and planning for those issues. Including them in your process will establish the appropriate plans and priorities in advance and will ensure the best long-term results for your organization.
Protecting your website through outsourcing
A common way to ensure your site receives the attention it deserves in the event of a disaster is to outsource the hosting of your site. It relieves your hospital's already overworked internal IT department, and there is usually a contract in place holding the hosting party accountable for security issues.
As you evaluate the option to host externally, it is important to make sure your marketing and IT departments are both comfortable with the decision. You'll want to jointly evaluate and balance the cost of outsourcing against several issues, including 1) the time and dedication needed to ensure each server is secure, 2) conflicting internal projects, and 3) resource constraints in the event of a disaster.
Once you make the decision to outsource the hosting of your site, it is important to select a reputable and knowledgeable hosting provider. You should require the outside party to sign a service level agreement (SLA). The agreement details the responsibilities of each party, responsiveness to issues, uptime standards, and procedures for recovery when issues occur (including backup and recovery). If you decide to host the site internally, you may still consider having the IT department complete an SLA to outline roles and responsibilities.
Outside hosting providers should also sign your HIPAA Business Associates Agreement (BAA). This is a good test of a hosting provider's readiness to deal with your sensitive information. If they are hesitant to sign a BAA, they probably are not equipped to host healthcare information.
Working together to protect your hospital
Marketing and IT both want what is best for their hospital. Any friction between the two typically stems from poorly communicated expectations, unclear needs, vague promises, and, as a result, a failure to commit the appropriate resources at the right time.
You can relieve this pressure by working together. The simple act of discussing and agreeing, in advance, to the expectations for server management helps each team understand any concerns and driving factors. It can be an excellent tool for building a better working relationship between the departments. And, working together to create a disaster preparedness plan and conduct regular security reviews will minimize the probability of a security breach and mitigate the risks associated with a natural disaster.