When people in the southwest of England need medical treatment or specialist care, it’s likely they’ll find themselves relying upon the services of this leading healthcare provider (name withheld for privacy reasons).
Taking care of a population of around 430,000 people is a big responsibility for the 5,000 staff. Their 750 beds provide acute care and specialist health services at three main hospitals across the region.
While the medical staff take care of the patients, the IT team take care of the technology and security. With a big workforce, multiple locations and sensitive patient data at stake, maintaining high levels of data security is paramount.
“We’re an IT department that works across the whole county,” says John (name changed to protect privacy), the Service Operations Manager, “so it's really important that we can talk to all our customers.”
Under his guidance, the team had introduced a number of measures to enhance their security footprint – improved proxy servers, firewalls and 365 end point protection, as well as an IT service management system where staff record suspected phishing emails.
Successful cybersecurity is partly technical, partly educational. But while the technical measures were robust, communications to staff were an area of concern.
“We have managed training every year,” John explains. “But we were very bad about going out and getting feedback from clinical colleagues and administrative colleagues about how the messages were working, and whether we were getting the format right, whether it was sinking in at all.”
A moment of clarity suddenly brought the issue home to him. “I was chairing a working group in cybersecurity, when I really went into what we were doing for user education around this, other than some really long emails. What could we demonstrate? And there was very little.”
The issue was not only low readership of employee communications. It was also the risk this posed to the organization's data security.
“Over-communication is a problem,” John says. “We know people don't read emails, but it was very hard with the systems we had to tell who was reading what. You didn't know how many people were actually paying attention or clicking through.”
The problem was exacerbated by the different departments sending out messages – each of them with different objectives, but all using the same communication channels.
“Security Managers would send out emails about ‘there has been an attack at a different hospital, this is what happened, you need to be more careful’,” he explains. At the same time, the Corporate Comms team were creating and broadcasting their own messages.
“They're really interested in getting a daily and weekly message out to their staff which isn't an email,” he continues. “It really made them disappointed that staff weren’t engaging with it.”
But what were the teams doing wrong – and how would knowing this allow them to fix it?
Two of the biggest drivers of message success are formatting and relevance. Are messages easy to consume, and do what they say matter to the audience?
Lengthy emails were a common culprit. Busy staff haven’t the time or desire to wade through them while balancing their workload. John agrees: “One of the biggest communication challenges is getting everybody to format messages in a way that's easy for people to understand.”
Equally as important were the lack of proper audience targeting. Messages on specific topics were sent to all staff, regardless of their location, department or role type. Unsurprisingly, lack of targeting leads to low relevance, which results in low (or no) readership.
John tells of IT messages concerning network maintenance being sent to nurses and doctors. The technical jargon was meaningless to clinical staff, meaning this was the wrong type of message for the audience. “That's the challenge for me. Making sure the right message is getting the right people at the right time.”
Targeting was crucial. “We want to talk to 70 people, not 7000 people at once, because that's just noise for them,” he says. “We needed a better way to communicate than email.”