Successful Privacy Protection is Powered by Collaboration
As privacy professionals know, protecting the privacy of an organization’s staff, partners, and customers is an ongoing battle. It’s also a battle that can’t be won without cohesive, cross-functional collaboration.
In a recent live Q&A, Doug Niska, VP of Privacy Operations at UnitedHealth Group, likened collaboration on privacy protection to an automobile.
“If you have an engine in one room, transmission in another, and the chassis out in the parking lot, you have ingredients for a car. But until you connect them all, make sure the timing is set right, and get them fueled up, you’re going nowhere. You have to operate as a team. If you’re operating in a vacuum, you’re not going to be around very long and you, personally, aren’t going to be very successful.”
Relationships are the Foundation of Cross-Functional Collaboration
Niska knows how challenging collaboration can be, especially in a large organization.
UnitedHealth Group (UHG) is a worldwide company with operations that encompass many aspects of healthcare. The company serves over 137 million people worldwide, including the U.S. states and territories, South America, Europe, Asia, and Australia. Its offerings include health plans and insurance, a clinical practice group that includes more than 90,000 professional clinicians serving patients within their Optum line of business, plus mail-order pharmacy, pharma benefits, data analytics, research, mental health, EAP, and even a banking operation.
Niska’s team oversees privacy programs involving over 325,000 employees plus partners in offices around the world.
With such diverse and distributed operations, we asked Niska how he fosters the cross-functional collaboration that is critical to mitigating organizational risk. He says it all starts with human connections:
“I encourage my team members to make a lot of friends. Take the time to get to know their colleagues well, both professionally and personally. The foundation is staying connected, communicating well, and not making assumptions that everyone understands exactly what you want. Keep your eye on the ball and have some fun while you’re doing it.”
Proactive Engagement Pays Off
As you can see in the above poll results, privacy professionals attending the live Q&A overwhelmingly said that the most important thing for other functional areas to understand is that collaboration with privacy strengthens the whole organization.
Niska and his team reinforce that understanding with privacy programs that are very proactive. Privacy and data protection experts embedded within the different operational areas work with their colleagues to build privacy and data protection into product offerings from the start. The core privacy team also works with Legal to track changes in laws or regulatory policies. Then they work with staff in the different business areas to anticipate and make changes to meet new requirements.
We asked our audience to tell us, as privacy leaders, which teams they tend to work with the most often when working on a new project.
You can see by the results below that security rises to the top of the list, followed by legal. While security and privacy teams often work together, security is likely even more top of mind right now given the additional challenges of securing data, and ensuring data privacy, across a remote workforce.
Metrics Can Drive Cross-Functional Collaboration
Niska is also a huge believer in using privacy metrics to show stakeholders what’s working well and where there are opportunities for improvement. His team works with operational areas on training and security measures to create change.
“Last year we processed 2.8 billion claims. Every one of those claims was an opportunity to provide a great experience for our members or a terrible one, maybe even a data breach. We sent out 1.29 billion pieces of mail. Every one of those could go to the right house, or it could go somewhere else. We handled over 300 million service calls.”
Niska’s team helps train customer-facing staff on the privacy-related aspects of their jobs.
“When a customer says, ‘I want a copy of my designated record set,’ we don’t want the customer service rep to say, ‘What are you talking about?’ So, we’ve collaborated to provide scripting, and we’ve trained staff to answer questions customers are likely to ask about privacy or data protection issues related to each particular transaction.”
Planning Ahead Minimizes Disruption and Maximizes Connection
As the above results show, it seems that despite being remote most privacy teams are aligned and working with maximum efficiency, for the most part. Curbing expectations and being realistic about deliverables are clearly important.
Cross-functional collaboration on privacy issues is challenging at the best of times, and even more so now, as the coronavirus pandemic has workforces scattered, from essential operations centers to home offices.
Niska feels fortunate that UnitedHealth Group is forward-looking, routinely embracing new technology, and had a well-developed work-from-home capability already in place, including secure VPNs, teleconferencing, and videoconferencing. He finds webcams very helpful in maintaining personal connections between people working remotely. UHG’s preparedness has helped minimize disruption that can also cause privacy and security problems.
“We made business continuation plans many years ago and have kept those plans current. We knew how and who could work from home, and how to set up alternative facilities. For example, we have a number of backup centers for essential computing operations that are equipped with overnight facilities, generators, water, etc., so operating staff could lodge in place. So, when this pandemic hit, we were able to just ‘pull out the playbook.'”
Going the (Social) Distance
Niska says the coronavirus situation has created some unanticipated needs. For example, with kids attending school online, some families haven’t had the internet bandwidth to support parents and kids working at the same time. So, UHG has paid for new broadband installations to support those families’ needs.
Niska’s organization has also been taking extra care in dealing with the relaxed HIPAA requirements during the pandemic.
“We’ve been careful to try to understand quickly what the relaxed regulations mean and get the nuances defined for our various audiences. We’re tracking those areas and documenting carefully, so if a question comes up in 5 or 10 years, we can defend what we did. We’re also documenting what we’re learning right now, so we’ll know more about how to handle situations like this in the future.”
Bringing Out the Best
As stressful as the coronavirus situation has been, a change of routine can have surprising benefits. Organizations are reexamining assumptions about how and where employees can be productive. Sheltering in place has been a blessing to some families. And working remotely has brought out the best in many working relationships. Niska has been pleasantly surprised:
“The people that I work with are wonderful on a personal and professional level, and now I’ve seen an even more collegial sense of personal responsibility to each other. People are following up with each other more frequently, staying connected, and offering support. They’ll ask co-workers how they’re doing and give them a chance to vent. Everyone needs a kind word sometimes.”
He predicts we may come out of all this better than before.
“Sometimes we see our best qualities as a workforce and as human beings in times of challenge. I think we’re going to hear a lot of positive stories in the future.”
You might also be interested in:
Topics: The Privacy Collective