Traits for Tomorrow’s Leaders
Developing leadership talent is a significant challenge facing healthcare; it is tough to address, as the exit of industry leaders looms large in light of career-defining pressures created by the pandemic. The pandemic’s timing coincides with many baby boomers entering retirement age. This has the potential to leave a vacuum of power and experience that neither of the two generations after them can address on their own. The number of Generation Xers is too few to fulfill the demand, and while some millennials are exceptionally qualified to take senior positions today, most are still developing and honing their skills. As healthcare organizations work to fill leadership positions and prepare the next generation of leaders, what traits will be most important for those leaders to possess?
Traits for Aspiring Leaders at all Stages
Entrepreneurship: Develop an entrepreneurial mindset aimed at meeting others’ needs.
Although it seems to be part of a new vernacular, “entrepreneurship” in healthcare is hardly new. In her book Unlikely Entrepreneurs, Catholic Sisters and the Hospital Marketplace 1865–1925, Barbra Mann Wall shares the story of a 27-year-old Irish immigrant nun who sailed across the ocean in 1877 and would later become administrator of a major Catholic hospital in the U.S. That nun, Sister Lidwina Butler, would ultimately lead two different hospitals, and her second stint as a hospital administrator would last 18 years.
Her literal and figurative journeys defined her and many other religious women who set sail from Ireland and other European countries and some who relocated from within the United States to serve the healthcare needs of others. The women who made those journeys also helped set the standard for the modern healthcare leader: to create and sustain a robust health infrastructure and care models to take care of the vulnerable, their families and communities. Their model of entrepreneurship was as relevant then as it is today. They carefully and systematically studied their communities to identify unmet needs and focused relentlessly on meeting those needs—traits today’s leaders should aspire to as well.
Accountability: Be accountable to yourself and others.
For years, author Cy Wakeman has proposed that accountability––which she describes as the mindset to exert control over one’s circumstances and embracing reality––increases individual performance. Embracing reality and rejecting the urge to fill in the blanks with biases and drama are timeless characteristics that will help leaders succeed.
Trust and Trustworthiness: Trust and be worthy of the trust of others.
In their Sept. 8, 2016, article in the journal Business Ethics: A European Review, authors Alvaro Lleo de Nalda of the University of Navarra, Manuel Guillen of the University of Valencia, and Ignacio Gil Pechuan of the Polytechnic University of Valencia, discuss their research on the influence of three factors that influence the trust between managers and subordinates. They use the widely accepted definitions of these terms as follows:
- Ability: The skills and knowledge necessary to do one’s job.
- Benevolence: The demonstration of caring for those under one’s leadership, and loyalty to them for reasons not related to self-interest.
- Integrity: The adherence to sound ethical and moral principles (including an organization’s articulated values) and following through on one’s word.
Though organizations have multiple ways in which to influence the degree of trust employees have in them, there is no variable more able to impact trust than the immediate supervisor.
Higher Purpose: Connect to the mission and find a higher purpose at work.
In their book Option B, Adam Grant and Sheryl Sandberg speak about the importance of finding meaning at work. For those of us in the healthcare workforce, well-being is dependent on the healthy integration of life and work. As a generation of millennials engages in leadership pursuits, many also are experiencing how life and work are now permeating each other. They, like Gen X and baby boomers, realize the importance of what we do matters beyond profits and losses and that we can impact the lives of others for the better, thereby increasing fulfillment with work. To do work that matters also increases one’s ability to experience happiness and joy in life and work.
A Leadership Framework
Luminis Health has developed its Team, Change and Business leadership framework as the foundation of its efforts toward leadership development. Leaders who attend training or perform developmental activities intentionally tie what they have learned into this framework. This balanced approach ensures every aspect of a leader’s competency is appropriately supported and developed.
The TCB framework informs the identification and development of high-potential leaders. It also helps the organization achieve effective succession planning. Luminis Health’s Leadership Essentials, one of the mechanisms for leadership development based on the TCB framework, aims to develop a balanced set of competencies common to all leaders in the organization.
Tools for Team and Self-Development
As part of their development, leaders at Luminis Health become versed in principles of mindfulness and well-being. Leaders also use talent-measurement tools to uncover their strengths, help them lead with those strengths, as well as celebrate and capitalize on the strengths of others on their teams. The organization also administers emotional intelligence competency assessment tools. In addition, it offers opportunities for leaders to discuss the results revealed by both tools individually and in groups led by certified facilitators.
As the healthcare field continues to evolve, the next generation of leaders will need to be well prepared for what lies ahead. With these leadership traits in mind, and with rigor and attention to leadership development, healthcare organizations will be able to continue to care for their patients and improve the health of the communities they serve while providing career opportunities in which leaders and staff can thrive.
—Adapted from “Traits for Tomorrow’s Leaders,” Healthcare Executive, J. Manuel Ocasio, FACHE, chief human resources officer, Luminis Health, Annapolis, Md.
Repelling Cybersecurity Events
In recent years, many healthcare organizations have stepped up their cybersecurity efforts, but phishing scams and ransomware attacks have become more sophisticated. Healthcare remains a prime target for criminals. Cybercriminals have learned that healthcare organizations not only maintain large quantities of data but also will pay substantial sums of money to avoid an interruption in patient care and protect the safety of patients.
Healthcare’s recent digital expansion means cybercriminals have more targets. Telehealth, remote patient monitoring and patient-focused digital tools, such as mobile health tracking apps and patient portals, extend a health system’s digital landscape far beyond a physical campus.
The pandemic has also brought cybersecurity challenges to the forefront. More employees working off-site means information from across the organization is accessed from unvetted locations. This requires attention to how the remote workforce’s processing, access and storage of data is secured.
The following actions can be taken to help organizations prepare for and repel a cybersecurity event:
Build your human firewall. A key takeaway of the publication is that cybersecurity can no longer be viewed only as the province of the IT department but must be the responsibility of all staff who have access to digital information, EHRs or network resources.
It cannot be overemphasized that organizations must build a culture of cybersecurity, also called the human firewall, in addition to their existing technical security programs. Basic cyber hygiene and patching will always be required. However, it only takes one person falling victim to a phishing scam to jeopardize the whole organization’s security posture, so the days of cybersecurity being solely IT’s responsibility are gone forever. This requires an awareness of cybersecurity threats, a continuous evaluation of existing threats and the incorporation of preventive strategies at all levels of the organization.
Gain senior leadership buy-in. A defining characteristic of an organization that establishes its human firewall is ardent buy-in from leadership. Effective senior leaders make sensitivity to cybersecurity threats and organizational preparedness part of the way the organization performs its work. An important step is supporting the chief information security officer’s promotion of cybersecurity programs. One program of importance is the development of a strong human firewall that achieves the following four objectives:
- Identification of social engineering attempts to get confidential information or a user’s credentials. Does staff know how to identify a phishing email or text?
- Rapid identification of a cyber event. Does staff know the signs of a cyberattack and how to report?
- Rapid response to a cyber event. Does staff know how to contain a cyber event?
- Continuous improvement. Is the program frequently reviewed and modified as needed?
Cybersecurity threats should be treated as a matter of when, not if. A strong human firewall requires an awareness of vulnerabilities and responses at all levels of the organization.
Establish staff training programs. With staff expected to take a greater role in cybersecurity, organizations would be remiss to neglect staff training. Training needs to include the entire workforce, not just clinicians. Every member of the organization needs to know that they are a critical part of an organization’s cyber defense and be educated to anticipate both conventional and nonconventional intrusions. These exercises should be tailored to different staff roles and the technology frequently used in each position.
To stay ahead of new threats, staff training cannot be a one-and-done event. Regular refreshers need to be part of the plan. Periodically evaluate staff to ascertain whether they appropriately respond to test cyber challenges such as phishing or social engineering tests. Based on the results of the testing, additional training should be conducted and the cycle repeated.
Testing should include how to identify and what to do in the event of a cyber security incident and not be limited to phishing tests.
Incorporate cyber emergency management. Responses to cybersecurity attacks need to be incorporated in other emergency plans. This includes having a clear link to business continuity and emergency management plans and ensuring staff can identify when a cyber incident should trigger the plan.
Any plan should include how to safeguard the greatest amount of data and information in a cyber event and who to notify if a potential breach occurs. In addition, operational contingencies need to be in place if a cyber event impacts some or all IT and biomedical systems. Staff can limit the impact of cyber events by thinking ahead and protecting critical backups from cybercriminals and making sure that offline emergency documentation is kept up to date.
Be mindful of staffing. Thinly spread staff and workforce burnout are growing issues as employees are asked to be more efficient and do more with the same or less. Overstretched and burnt-out staff make it challenging to maintain an effective human firewall because they are prone to making mistakes that affect security. Organizations, in recent years, have reduced headcounts to be as operationally efficient as possible. This limited staffing creates a challenge in how to prioritize daily operational responsibilities and strategic projects with important cyber initiatives and cyber responses. Senior organizational leadership needs to be mindful of these challenges and collaborate with IT and business leadership to ensure that one does not suffer because of the other and either clearly reprioritize activities or bring in additional staff as needed. This will be easier for some organizations than others, especially in the current climate, where, even if there is a desire to bring in additional staff, many organizations are struggling with recruiting and maintaining their workforce.
As an alternative, in some cases, to hiring a consultant or bringing in additional IT staff, a wealth of free and trusted resources is available from government agencies and business partners. Some free resources that highlight best practices and include free cybersecurity tools include Cyber Insurance Carriers, Cybersecurity & Infrastructure Security Agency, Healthcare and Public Health Sector Coordinating Council, InfraGard, Internet Crime Complaint Center, National Institute of Standards and Technology, and SANS.
The Joint Commission is also always willing to share its winning practices, and it will continue to post cybersecurity guidance and recommendations on its website for public use.
—Adapted from “Repelling Cybersecurity Events,” Healthcare Executive, Patrick Ross, associate director, Federal Relations, The Joint Commission, Oak Brook, Ill.; and Michael DeGraff, director, Enterprise IT Security, The Joint Commission, Oak Brook, Ill.