The Kelsey-Seybold Clinic is well-known throughout the greater Houston area of Texas, with a 70-year history that includes being the healthcare provider for NASA’s astronauts. Today, the clinic serves patients through more than 20 different locations, including ambulatory centers, cancer centers, and a certified sleep center.
We recently spoke with Martin Littmann on The New CISO podcast, chief technology officer and chief information security officer for the Kelsey-Seybold Clinic. Littmann has been with the clinic since 2006. During that time, he’s watched as it shifted to remote work for employees who had once been confined to an office.
As working from home becomes the new normal for businesses across all industries, Littmann has a few words of wisdom. With years of experience, Littmann has a unique perspective on security, communication, and worker management in a remote work era.
The switch from office-based work to telecommuting didn’t happen overnight. When the clinic decided to give virtual health a try, they did so initially through a pilot program, experimenting with video visits and virtual interaction. They were early adopters in the space, making the switch when some healthcare professionals were saying it wasn’t possible. Through the experience, Littmann learned the importance of always looking at where technology will go next.
“You have to be non-limiting in your thinking about what the potential of technology will be,” Littmann says. “And not only that, the potential, the applicability, of that technology.”
One of the biggest concerns, when shifting to remote work, is that employees won’t be as productive. Littmann says it’s a question he sees often. His response is always, “How do you know they’re productive when they’re on site?” The key to managing remote workers is shifting your mindset. Instead of overseeing everything your team is doing, you have to learn to trust that they’ll get the work done without being watched.
“People can be very productive. I would argue that the IT people, who are now actually working much more remote than they used to, are if not as productive, even potentially more productive than they had been historically.”—Martin Littmann
Security was especially complicated for the Kelsey-Sebold Clinic, which is bound by HIPAA regulations. Satisfying those requirements while having part of their team working remotely was a challenge. But Littmann was fully prepared.
“HIPAA legislation has always required us to monitor access to patient records and to be aware of who’s touching what, etcetera,” Littmann says. “We’ve been doing that for years, and we have tools that generate alerts that we can look at and evaluate and determine if somebody is doing something that’s not appropriate. There is heightened awareness of that because of the various kinds of testing and things that may be going on that causes us to be even more alert in watching for those things today.”
For Littmann’s team, the key to security has been awareness. He keeps an eye on access and behaviors, having alerts generated for suspicious activities. However, he stresses that insider threats can be a bigger problem since some of the people you hire won’t be in the office every day. For that, he has put measures in place to protect data, including limiting the activities people can do remotely.
Staying in touch
When work shifts to a remote setup, communication is more important than ever. Littmann recommends paying close attention to how you were communicating beforehand. Can you create that same environment using the many tools available today? For the Kelsey-Sebold Clinic, Microsoft Teams and Skype are essential for staying in touch.
“My advice would be there still have to be touchpoints, as many touchpoints as you had when you were physically close together,” Littmann says. “Now, you’re simply doing those more electronically. They can still be face-to-face. They can be video chats. You can just as easily call a quick meeting. Sometimes, frankly, it’s a lot easier to get a group of people together for a quick chat when you’re remote because literally, everybody is almost always in front of their terminals or not far away. And frankly, the meetings go faster.”
Moving forward, Littmann believes security will become more essential than ever. It’s important to realize that information security doesn’t operate in a vacuum. Technologists must work with others across their organization to ensure that when big decisions are made, they’ve considered all the security repercussions. With the right systems and expertise, a team can easily make remote work both safe and rewarding for everyone involved.
Listen to Martin Littmann’s full podcast hosted by Steve Moore on The New CISO podcast.