Providing accurate and secure information is crucial to delivering good care. Healthcare providers must always have access to the right information about patients, and patients must be confident that their sensitive data is handled safely. Lourens Dijkstra, CISO (Chief Information Security Officer) at Lentis, explains how his organisation deals with information security and how Zenya helps them do so.
Lentis GGZ specialises in treating people with serious mental health problems. About 4,000 employees help about 30,000 patients each year, both at home and in their protected housing and (outpatient) clinics spread across (the north of) the Netherlands.
There is a huge amount of data available within the organisation and there are a lot of employees who have to handle this securely on a daily basis. To guarantee that security, Lentis is actively working on complying with the NEN 7510 Dutch standard, which was specially developed for information security in healthcare.
Lourens explains: “There are a number of standards in the field of quality, and NEN 7510 is the standard for healthcare organisations in the Netherlands when it comes to information security. It is based on the international ISO 27001, but extended with a number of measures specific to healthcare. Think of things like patient record security.”
Lourens’ task as CISO within Lentis is mainly to ensure that the management team and employees understand exactly what information security means and what their role in it is. He gives advice and thus aims to get the ownership of information security permanently on the management agenda.
“Getting an organisation to handle information securely is really a growth process,” he says. “If you want to get people on board, you first have to teach them what information security means. This awareness is important for both the people on the work floor and management, but it does start with that bit of ownership by the management.”
How does he do that? “By being well informed,” says Lourens. “Everyone is obviously in their own bubble. I see data breaches and hacked companies passing by every day, but a healthcare director is busy with very different things every day. So you really have to bring people into this issue and engage with them.”
A big advantage here is that Lourens is not only a CISO but also speaks the language of management and employees. He is an occupational and organisational psychologist in training, and therefore looks at information security not only from a technical point of view but also, precisely, from the human side.
“Because we took the NEN 7510 content solution, we immediately got an up-to-date import of the standards frameworks and measures in our own Zenya environment.”
“When I started at Lentis, almost three years ago now, I learned that we had a licence from Zenya that we were not actually using,” Lourens says. “A shame! Because although we were already partly NEN 7510-certified, everything was kept in an Excel sheet. In it you could, for instance, tick off security risks, paste links to documents and give scores. But that was not very convenient. Besides, anyone could just add or change things.”
Lourens heard from several hospitals that they work with Infoland and apply Zenya as a kind of ISMS (Information Security Management System) tool. It is not without reason that Zenya is the most widely used quality and risk management software in Dutch and Belgian hospitals.
Lourens’ interest was sparked. “I then went to these hospitals to see how they use Zenya in practice. This gave us the idea of setting up Zenya DOC as a document management system, and the use of Zenya RISK and Zenya CHECK flowed from there. A next step is to put all the improvement measures into Zenya FLOW. I like the idea of having all those components bundled into one programme,” says Lourens.
As one of the biggest advantages of Zenya, Lourens cites the fact that all risks and the measures to manage them are already in the tool. “You get on a moving train, so to speak, you do not have to enter anything yourself. That was a great starting point for us to choose Zenya,” says Lourens. In fact, as a Zenya customer, you can purchase the ready-to-use NEN 7510 content solution.
When you choose this solution, as a customer you get a complete up-to-date import of the standards frameworks and measures into your own Zenya environment, including instruction and training for the CISO, administrators and end users. Lentis also chose this solution, which allowed them to make a flying start with NEN 7510 and immediately deploy actions and improvement measures.
Lourens: “Through this solution, I have a complete overview in Zenya where I can go through one-on-one with management: what do we have in place, how do we assess a particular risk, what can we do about it? That’s very valuable.”
In addition, Lourens is a fan of the compliance tool in Zenya. There he can show the information security and privacy steering committee, including the board of directors, what the state of affairs is at once, in a language they also speak.
Lourens: “The NEN 7510 standard is quite abstract. The compliance tool helps to make it concrete. It neatly lists the different parts of the standard, e.g. safe employees, access security and supplier relations. Each component is also given a score. How high do we rate the likelihood of something like this occurring? Have we taken measures to prevent it? You can also retrieve last year’s scores here, so you can see the evolution at a glance.”
Healthcare is heavily dependent on ICT and digital products, services and information. Digital threats, such as ransomware, can affect the continuity of care. To ensure security and continuity, the NEN 7510 standard was created in the Netherlands. Note: this standard therefore only exists in the Netherlands.
NEN 7510 is a standard specially developed for information security in the healthcare sector. It states how, as a healthcare organisation, you should set up your information security. The core of NEN 7510 is the management system for information security, also known as an Information Security Management System (ISMS).
“Thanks to the compliance tool in Zenya, I can now see at a glance where our risks are and where we are in control. Also, I can now communicate this to management much more easily.”
Lourens believes that safe handling of information starts with the behaviour of the people within an organisation. The right software helps to encourage this behaviour.
“Zenya is definitely an added value to encourage information security behaviour within Lentis. First of all, the full NEN 7510 is already implemented in Zenya, so we could start working with it right away. In addition, the modules give me a handy overview that I can easily share with management. This makes it easier not only for me, but also for them to see in clear and concrete language where we are now in terms of information security. We can then take measures, follow them up, and thus improve our operations,” Lourens concludes.