As a healthcare administrator, you know how important it is to reduce any risk of a patient health information (PHI) data breach. Yet, breaches continue to be a vexing and dangerous problem.

A study from Michigan State University found that about 1,800 large data breaches over the course of seven years had to do with lax hospital policies putting information at risk. How can you best assist your staff and your IT to secure the data at your organization?

Let this research-based advice be your guide:

Monitor unintentional mistakes.

A second Michigan State study determined that half of the recent PHI breaches at U.S. hospitals were not caused by hackers; instead, they happened because of internal issues, often because employees were simply unaware that things they did were putting data at risk.

Behaviors such as transferring PHI to personal devices, mistakenly emailing protected information to the wrong parties, and disclosing PHI without knowing how to seek the proper authorization are common ways employees have contributed to breaches.

Ask your department managers to review employee behavior, and then work consistently to emphasize procedural do's and don'ts whenever their workers handle sensitive data.

Provide more options for compliance.

Research from Washington State University found that when employees are given options as to how they can make the info they handle more secure, they do a much better job at locking that information down in a company system.

The researchers recommend avoiding cold, commanding language when issuing security messages. Instead, present options in a conversational way, such as different approaches to choosing passwords or carrying out existing safeguard tasks. When employees feel they are collaborating to make a difference, they stay on top of data protection far more diligently.

Break bad habits.

Employees can become desensitized to signs of email phishing over time — including phishing scams targeting critical PHI. Your staff members may not be picking up on clues that indicate an email is suspicious if they are distracted by multitasking.

Stress the importance of giving full attention to the red flags of suspicious emails, and encourage staff to set aside specific times each hour to check email rather than doing so constantly while their focus is split.

Make security training a monthly mandate.

Up the frequency of your training workshops and refresher courses for each of your departments. Make sure the info you're providing your workers is completely up-to-date and useful by conferring regularly with your IT managers.

Do your own homework.

Read up regularly on innovative technology regarding hospital data protection and alert your hospital CEO to updates you feel should be implemented within your organization. Being as personally proactive as you can in terms of PHI protection knowledge is the best way to stop breaches before they happen.