Within every organization, employees range in personality types from professionally outgoing to socially reserved. Managing a mix of extraverts and introverts can be a challenge, but encouraging each personality type’s strengths and encouraging both groups to understand these dynamics is key.

Extraverts

By nature, extraverts are energized by being around others and that enthusiasm translates as an outgoing personality. Roughly 75 percent of the US population is extraverted.

Common extravert traits:

• Directed outward toward people and things
• Relaxed and confident
• Gregarious, want to be with others
• "What you see is what you get"
• Process outward: Speaks to think ("shoots from the hip")
• Seek variety and action
• Often act quickly, sometimes without thinking

Introverts

On the other hand, although introverts can interact with people skillfully, over time their energy will deplete faster than an extravert. They then need "down time" to "recharge their batteries."

Common introvert traits

• Directed inward toward concepts and ideas
• Reserved and questioning
• Seek quiet for concentration
• Need time alone to recharge and think
• Have valuable contributions, but may hesitate to speak
• Process inward: Thinks to speak
• Likes to think a lot before acting, sometimes without acting!

Understanding different perspectives is critical to effective team building

Extraverts often see themselves as actionable people who work successfully with others but they can be quick to implement tactics that are untested or poorly thought out. Introverted employees often view their extraverted counterparts as noisy and impulsive, actively working to solve a problem, but making many mistakes along the way.

Introverts often perceive their thought processes as more complex, and they often think deeply before sharing their thoughts. More outgoing employees might think their quiet coworkers aren’t spontaneous enough or are slow to respond, leaving them hard to integrate into solution-oriented discussions and team projects.

Because each personality type has a different perspective of the environment, managers should approach meetings with each in separate manners to promote success. Catering to both introvert and extravert tendencies serves to facilitate teamwork, creating better-prepared employees, communications and outcomes.

So how do you manage these two different types of personalities?

Extraverts: Let 'em talk

When meeting with extraverts, managers should allow time for discussion without the necessity of reaching conclusions. Extraverts learn and retain information better when there are active conversations. They tend to "think out loud."

During a team meeting, managers should greet everyone as he or she comes into the room and conduct introductions. Because extraverts typically think faster - although not thoroughly -and tend to have shorter attention spans, it's useful to break up presentations with questions and answer or discussion periods and other exercises. After it's over, leaders should allow time for feedback and conversations with presenters to encourage input.

Additionally, putting extraverts into groups and planning active outings can facilitate their professional development.

Introverts: Let 'em think

Contrary to extraversion, managers should allow introverted employees more time before expecting an answer. Because introverts spend more time reflecting before responding, team leaders may want to hold back before asking for possible solutions. Instead of forcing introverts into groups, leaders could sit one-on-one with them.

To ensure that the opinions of introverts are captured during meetings, managers should provide all participants with an agenda and conduct polls before the meeting, especially regarding important matters. Anyone who hasn't responded in discussions can be prompted for input with lead time to encourage eventual participation. Once the meeting has ended, leaders can summarize the next steps and distribute the materials via email.

A useful tip: Always call on introverts last when soliciting comments during or after a meeting. This gives them additional time to consider other participants' responses and formulate their own with more confidence.

Finally, it's important for managers to realize that people who are outgoing aren't always extraverts, and shyness doesn't necessarily indicate introversion. Most people display a range of these characteristics, although they lean toward one type or the other. The optimal brainstorming teams are comprised of people with diverse skills and perspectives.

It's up to managers to engage each type of team member, regardless of personality, to ensure their optimal contributions are realized.

For more information about how Merit Career Development can help with your teams, please contact us.

In just the few minutes it will take you to review these graphically presented facts, you will gain a good sense of the factors and issues that impact our decision-making. When we pause to understand these, we can literally improve the outcome of our decisions.

Feel free to share this graphic on your own website, through social media or by email. Just click on the code below the graphic to copy for your own use. Of course, there is a lot more detail and guidance available for your team or organization on decision-making and other leadership enhancing strategies. At Merit Career Development we offer on-site, virtually-led and on-demand programs that help improve communications, productivity and impact the bottom line. For more information, contact us.



References

• www.nytimes.com/2011/04/24/business/24unboxed.html?_r=1&
• hbr.org/2011/06/the-big-idea-before-you-make-that-big-decision/ar/1
• https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/flaws-in-strategic-decision-making-mckinsey-global-survey-results

Feel free to share this infographic on your website by copying and pasting the code below. To share this on social media, please see the links below the post. Thanks!

<p><strong>(c) 2014 Merit Career Development. Please include attribution to www.meritcd.com with this <br /> graphic.</strong></p><br /><br /><br /><br /><br /> <p><a href='https://www.meritcd.com/blog.php?/archives/26-Infographic-Keys-to-Improving-Decision-Making.html'> <br /> <img src='https://www.meritcd.com/blog/uploads/images/Merit_DecisionMaking_without-references.jpg' alt='Keys to Improving Decision-Making' width='540px' border='0' /></a></p>

Although the wrong frame in the wrong situation can lead to bad decisions, using the right frame can be beneficial in closing sales with prospective customers.

In her seminal 1996 book, “The Power of Framing: Creating the Language of Leadership,” Gail Fairhurst, Ph.D., explains that when we communicate through framing, we shape the reality of a situation. Our past experiences and perspective create a frame through which we perceive the world and which guide our decision-making. However, the wrong frame in the wrong situation can lead to bad decisions. As Fairhurst explains, through effective framing and use of language, we can become better leaders because we are relating to our followers better and, therefore, being more persuasive.

When it comes to selling products and services to prospective customers, frames can interfere with making the sale. But they can also have a positive effect when used appropriately.

Framing for Positive Outcomes

During the sales process, associates need to be cognizant of the potential buyer’s own frame and how it affects how he or she makes purchases. Many buyers may be hesitant to commit, and these objections can result in failures and frustrations. To navigate the buyer’s hesitations, salespeople need to frame their interactions—drawing on the customer’s wants and needs—to make the customer care about what they’re selling.

Appealing to emotions is essential to the sales process, the buyer should feel good about his or her decision to purchase the product. The salesperson should focus on putting positive twists on perceived negatives, as they can affect how customers react to a sales pitch.

“The Framing of Decisions and the Psychology of Choice,” written by Daniel Kahneman and Amos Tversky and published by the American Association for the Advancement of Science, touched upon the psychological principles of framing. The authors’ posit that people are more influenced by the pain of loss rather than the rewards of gain and will take greater risks to avoid loss than to see potential gain. By framing a pitch around eliminating the threat of loss, salespeople have a greater chance at success.

An effective framing sales pitch puts an emphasis on the outcome, showing prospective clients that they will experience a positive change from purchasing the salesperson’s product or service. While framing can be problematic when used inappropriately, with professional coaching it can be leveraged during the sales call. Creating context for the potential buyer can be the difference between losing or closing the deal.

May 2014

The Department of Health and Human Services (HHS) entered into settlements totaling $4.8 million with New York-Presbyterian Hospital (NYP) and Columbia University Medical Center (CU) for failing to implement appropriate administrative and technical safeguards to secure the ePHI of approximately 6,800 patients^[i]. This is HHS’ highest financial sanction issued to date as a part of breach settlement agreements, confirming its commitment to enforce HIPAA compliance.

Breach Report, Investigation and Findings

NYP and CU received a complaint from an individual who found confidential health information (ePHI) including status, vital signs, medications, and laboratory results of a deceased relative, a former NYP patient, on the Internet. The HIPAA regulations require such ePHI be maintained in secure systems and kept confidential. In accordance with HIPAA requirements, they submitted a joint report of the complaint to HHS dated September 27, 2010 resulting in an investigation by HHS’ Office of Civil Rights (OCR).

OCR’s investigation found that NYP and CU have a joint healthcare services arrangement wherein CU faculty members work as attending physicians at NYP. To support the services, NYP and CU operate a shared data network including firewalls administered by employees of both entities with shared links to NYP patient information systems.

OCR identified the breach to have occurred when a CU physician employed to develop applications for both entities attempted to de-activate a networked server containing NYP patient ePHI. Due to a lack of technical safeguards in place on the network, the de-activation attempt resulted in NYP ePHI becoming accessible to internet search engines.

OCR found that neither NYP nor CU could demonstrate that its servers were secure or contained software protections prior to the breach. OCR found an additional lack of administrative safeguards, specifically that neither entity had conducted a risk analysis to identify all systems with access to NYP’s ePHI or had a risk management plan in place to address potential hazards or threats to the security of its ePHI.

Finally, OCR found that NYP failed to implement its own technical safeguards including procedures for authorizing access to its databases and information access management processes. In addition to the financial sanctions, NYP and CU agreed to a corrective action plan requiring implementation of the administrative and technical safeguards and to monitor compliance with regular reports back to HHS.

Increased HHS Enforcement of HIPAA Compliance

This action gives notice to Covered Entities and Business Associates that HHS has heightened its enforcement efforts since the enactment of HITECH and the HIPAA Omnibus Rule.

It is imperative that a healthcare organization ensure that its workforce understands the privacy and security regulations, not just completes rote training programs, and recognizes the impact that non-compliance - from even one employee - can have on an organization.

The mandated HIPAA safeguards must be in place to identify risks and threats to ePHI and patient information systems, including insider threats from its own workforce. The safeguards must be regularly monitored through risk analysis as a part of a comprehensive risk management program.

[i] See http://www.hhs.gov/news/press/2014pres/05/20140507b.html

In this era of HIPAA enforcement, it is important to understand the fundamental role of the privacy regulations. Privacy outlines the big picture for compliance. Failing to understand and implement privacy's administrative, technical and physcial safeguards can be a costly miscalculation.

Privacy regulations have been in effect since 2003 and are updated regularly on the Department of Health and Human Services’ (HHS) website.

These regulations list compliance requirements for protected health information (PHI) in all formats (oral, paper or electronic). Security regulations are a subset of privacy limited to PHI in electronic format (ePHI). Privacy encompasses the big picture for compliant access, use, and disclosure of all PHI, including ePHI. Investing the staff, resources and time necessary to meaningfully implement privacy regulations is the entrée to compliance and a prudent business decision.

Prior to 2009, regulated organizations were primarily self-monitoring. The lack of outside accountability precipitated the major investment of staff and resources allocated for HIPAA compliance being directed towards building and supporting electronic health records systems. Fewer resources were dedicated to the less concrete, yet more comprehensive, role of privacy. Responsibility for patients’ and clients’ rights; uses and disclosures of PHI; role-based access issues; business associates; and other privacy issues were disbursed over many departments. This resulted in insufficient compliance, lax oversight and a high occurrence of violations.

HITECH’s enactment in 2009 refocused HIPAA enforcement on the privacy regulations.

HITECH mandates the implementation of complaint and breach report procedures, requires accountability for management of PHI, establishes higher sanctions for violations including a new category for willful neglect, and initiated a random audit program for an expanded list of regulated organizations by HHS’ Office of Civil Rights (OCR).

More federal and state regulatory agencies, including FTC and states’ attorney generals, now coordinate with HHS’ enforcement actions. Their websites regularly post results of enforcement actions as notice and guidance for regulated organizations. Most violations settle with corrective action plans (CAPs); some include fines tipping millions of dollars.

Many CAPs require hiring auditors to monitor and report to HHS on CAP compliance, particularly revising policies and procedures and workforce training programs (basic privacy administrative safeguards) over a period of years. As the following three cases from HHS’ website confirm, HHS is serious about privacy compliance.

Continue reading "HIPAA Privacy and Security, Perfect Together"

Managing risk to confidential patient health information (PHI) is not only a critical component of healthcare today; it is also a mandate of the HIPAA Omnibus Rule (HIPAA).

HIPAA mandates that organizations conduct a regular risk analysis to identify and mitigate risks to patient records and the PHI they manage in their electronic health records systems (EHRs). Failure to secure PHI and mitigate the threats and vulnerabilities identified in a risk analysis can result in investigations by the Department of Health and Human Services (HHS) and other federal and state regulatory agencies. These agencies have authority to impose millions of dollars in penalties and fines as well as extended regulatory oversight, and can do so simultaneously for the same offense.

The Situation

According to the HIPAA Omnibus Rule (HIPAA Omnibus Rule)¹, Failing to protect patient records and prevent disclosure of PHI can damage patients’ financial status, job prospects, and reputation, far exceeding the impact of their medical conditions.

The HIPAA Omnibus Rule requires Covered Entities and Business Associates to conduct regular risk analyses² to identify and address threats and vulnerabilities to the confidentiality, integrity and availability of patient records and the PHI they manage and maintain in electronic health information systems.

Millions of dollars in penalties and fines as well as extended regulatory oversight can result from these failures, levied after investigations by the Department of Health and Human Services (HHS) and other federal and state regulatory agencies.

Nearly 30 million patient records have been reported to HHS as compromised in breaches since 2009, according to surveys conducted by healthcare IT security consultants as recently as February 2014[3]. The report states that “(i)n 2013 alone, 199 incidents of breaches of PHI were reported to HHS impacting over 7 million patient records, a 138% increase over 2012.” These statistics do not include breaches that have not been reported to HHS.

Furthermore, HIPAA requires notification of HHS and the patients whose PHI has been breached. Such notification can negatively impact patients’ confidence in as well as the reputation of the service provider. The flip side is that patients build trust in and strengthen their loyalty for their healthcare providers when their PHI is securely managed. A reputation for private and secure management of health information can also serve as a marketing tool for the provider.

In the early roll-out of HIPAA, HHS’ history of lax oversight and few consequences for non-compliance resulted in minimal implementation of the privacy and security standards. Covered Entities lacked comprehensive compliance planning, allocating responsibility over multiple departments to provide workforce training and accountability programs and taking the position that electronic health records systems (EHRs) successfully producing electronic records and bills was sufficient to demonstrate HIPAA and HITECH compliance.

Meanwhile, reports of patient complaints and breaches poured into HHS by the millions. Eighty-three per cent of all large HIPAA privacy and security breaches are the result of theft, according to surveys from HHS sources reported by Healthcare IT News. More specifically, the surveys report that approximately 22% of breaches since 2009 were due to unauthorized access to PHI, 35% were attributed to theft or loss of unencrypted devices containing PHI, and 6% were due to hacking¹.

The results of HITECH’s pilot audit program demonstrated that covered entities lacked understanding of the actual privacy and security standards as well as grounding in the specific implementation requirements the standards impose on internal systems, operations and resources necessary to meet HIPAA compliance requirements.

The HIPAA Omnibus Rule amendments confirm that anything short of a comprehensive, documented and implemented risk management process will not meet HIPAA compliance requirements today. It also requires that risk management program incorporate the results of a comprehensive complaint and breach investigation procedure focused on identifying and addressing workforce errors and patient complaints within the organization. Finally, the HIPAA Omnibus Rule extends these compliance requirements to Business Associates performing services or functions for or on behalf of covered entities.

The Solution

Risk management begins with an organization-wide risk analysis- i.e. an accurate and thorough assessment and mapping out of actual use and disclosure procedures in place for PHI in all formats throughout the whole organization. This includes satellite and multi-state offices, subsidiaries, patient portals, remote access to its PHI/ePHI, and PHI/ePHI disclosed to its Business Associates.

A key component of the assessment involves identifying and planning for mitigation of reasonably anticipated human, natural and environmental threats and vulnerabilities to the organization’s internal and external processes and systems. To be most effective, a risk analysis should be conducted regularly and at key intervals when changes, upgrades and/or mergers take place. The findings from the risk analysis should be incorporated into a document comprehensive and regularly updated risk management strategy for the organization. This documentation is what the OCR will likely request during investigations or audits to evaluate the organization’s compliance efforts.

The next round of OCR audits is scheduled to begin in October 2014. Covered Entities’ and Business Associates’ compliance with the HIPAA security standard’s risk analysis and risk management standard is in the OCR’s cross hairs. Failure to take affirmative steps towards compliance before the OCR comes a’knocking can add additional sanctions for willful neglect to corrective action plans and/or settlement agreements.

Whether the OCR is knocking on your door or not, the private and secure management of the Covered Entity’s or Business Associate’s health information is a critical aspect of quality healthcare services today. Leaders in the industry have this as a critical core value for their organizations, making compliance with the HIPAA Omnibus Rule just par for the course. The availability of secure and reliable healthcare information and data to support quality treatment and services requires the practice of good IT governance and due diligence². Continue reading "Risk Analysis: Prepare Now or Pay Later"

At Merit, we read a lot. From current thought leaders, to the latest research on critical management skills and adult learning theory. The concepts in these books inform our professional education programs. This month we will give away another of our favorites.

In the international bestseller, Thinking, Fast and Slow, Daniel Kahneman, the renowned psychologist and winner of the Nobel Prize in Economics, takes us on a groundbreaking tour of the mind and explains the two systems that drive the way we think. System 1 is fast, intuitive, and emotional; System 2 is slower, more deliberative, and more logical. The impact of overconfidence on corporate strategies, the difficulties of predicting what will make us happy in the future, the profound effect of cognitive biases on everything from playing the stock market to planning our next vacation-each of these can be understood only by knowing how the two systems shape our judgments and decisions. Engaging the reader in a lively conversation about how we think, Kahneman reveals where we can and cannot trust our intuitions and how we can tap into the benefits of slow thinking. He offers practical and enlightening insights into how choices are made in both our business and our personal lives-and how we can use different techniques to guard against the mental glitches that often get us into trouble. (Amazon.com)

The deadline for entries is May 15, 2014.

The HITECH law puts a cap on fines that the Department of Health and Human Services (HHS) can assess for HIPAA violations at $1.5 million per incident per year. However, other federal, state and regional regulatory agencies have authority to impose fines for violations of the HIPAA privacy and security standards, and can do so simultaneously for the same offense.

Health insurer, Triple-S Management Corporation (Triple S) of San Juan, was recently fined $6.8 million by the Puerto Rico Health Insurance Administration (PRHIA) for improperly handling protected health information (PHI) of 13,336 of its beneficiaries who were dual-eligible for Medicare and Medicaid. Accreditation requirements to sell insurance in Puerto Rico required Triple S to sign a contract agreeing to maintain compliance with HIPAA or face fines and additional sanctions for violations.

The breach resulted from a September 20, 2013 incident where Triple S mailed out pamphlets to its beneficiaries with their Medicare numbers visible from the outside. Medicare numbers are unique client identifiers deemed PHI when held by or on behalf of a HIPAA covered entity. As a result of the HIPAA violations, the PRHIA assessed a $6.8 million fine and called for Triple-S to suspend dual-eligibility enrollment, notify affected individuals of their right to end their enrollment, and implement a corrective action plan to prevent future breaches.

Cooperation is Key

In this case, the fine was assessed at $500 for each of Triple S’ 13,336 affected beneficiaries in accordance with the contract Triple S signed with PRHIA. An additional $100,000 was assessed for its failure to cooperate with PRHIA’s investigation into the incident, providing misleading information, and, in response to some requests, not supplying any information to PRHIA at all, as reported by 4Medapproved HIT Security in HIPAA Enforcement Blind Spots (March 3, 2014).

The fines levied against Triple-S put Covered Entities and Business Associates on notice about their absolute obligation of full compliance with HIPAA and implementing proper procedures for reporting and investigating breaches. This is an essential part of HIPAA compliance planning. Further, Covered Entities and Business Associates need to be aware of the concurrent authority of the Federal Trade Commission (FTC) to address HIPAA violations. The FTC can exercise regulatory oversight through corrective action plans for up to 20 years for HIPAA violations. Complying with HIPAA privacy and security standards is the right thing to do for your healthcare practice and/or business—but most important, for your patients and clients.

At Merit, we read a lot. From current thought leaders, to the latest research on critical management skills and adult learning theory, the concepts in these books inform our professional education programs. This month we'd like to give away another of our favorites, The Checklist Manifesto.

Through a gripping story-telling narrative, acclaimed surgeon and writer Atul Gawande, illustrates the value of checklists in multiple scenarios. We learn how the simple idea of a checklist can make the difference, literally, between life and death, and how it's crucial for any high stakes environment. The Checklist Manifesto is an easy read, so don't miss it.

The deadline for entries is April 15, 2014.

Current, practical business ideas

At Merit, we read a lot. From current thought leaders, to the latest research on critical management skills and adult learning theory. The concepts in these books inform our professional education programs and have often helped drive our own business growth. How we'd like to share them with you by giving a book away each month.

For this month's book, Merit recommends Decisive: How to Make Better Decisions in Life and Work.

Following their best sellers, Switch: How to Change Things When Change Is Hard and Made to Stick: Why Some Ideas Survive and Others Die, authors Chip Heath and Dan Heath explore why so many of us make poor quality decisions. This very readable book shares the latest research on decision-making, and examines both corporate and personal case studies on how we can improve our decision-making by following the authors' four step WRAP model.

The deadline for entries is March 14, 2014.