A self-care resource for health care professionals

by Roxanna Maiberger

Hurricane Harvey’s impact has been catastrophic; historic rainfall has resulted in mass flooding and destruction. (1) Thousands have been displaced from their homes and forced to seek the services of emergency relief providers, including those of health care professionals. Throughout Texas and the nation, images of suffering and despair have evoked feelings of helplessness, guilt, and a sense of being called to action for those watching.

Many health care professionals have been providing care under extraordinary measures to patients in need. It is critical for those providers to take proactive measures in self-care techniques in order to continue providing quality care to patients. This article outlines the concept of self-compassion and lists practical self-care techniques to encourage sustainability for emergency health care service providers.

Self-compassion is a concept researched by Kristin Neff, an associate professor at The University of Texas at Austin. (2) Her research on self-compassion consists of a three-pronged theory involving:

  1. Self-kindness;
  2. Common humanity; and
  3. Mindfulness.

Health care providers should take an active role in their own self-preservation and sustainability, in order to effectively care for others. Self-kindness is not synonymous with self-indulgence, self-pity, or self-esteem. Rather, it is a concept based on reducing isolation by increasing awareness of the suffering associated with situations that you and others around you may be facing. Positive self-talk is an important aspect of self-kindness.

Common humanity
Common humanity encompasses our collective human experience, and it interconnects the human race. During challenging times, all people face emotional states involving a range of traumatization, suffering, and stress. Acknowledging these various states of mind, as well as our common experience, allows communities to unite, move forward, and begin to heal. The concepts of self-compassion and common humanity provide a foundation for acknowledging and encouraging human connection, a critical aspect of quality patient care.

Mindfulness includes evaluating the reality of a situation and being aware of any associated emotional and physical impacts. Being mindful, or engaged with the present moment, can create a foundation for effectively navigating difficult situations.

The severity of the damage from Hurricane Harvey is still unfolding. It has been a life-changing event for many. It is important to remember that patients will be prone to mental health concerns (e.g. PTSD, shock, anxiety), physical health ailments, non-compliance with medication due to pharmacy closures, and more. These circumstances will remain an ongoing reality for patients affected by Hurricane Harvey. Maintaining compassionate care for both self and others contributes to patients receiving the care they need, and health care providers effectively engaging in emergency response efforts.

During these difficult times along the Texas coastline and the Houston metropolitan area, many health care providers are being pushed to their limits emotionally and physically. Some self-care tips to encourage sustainability include: (3)

  1. Acknowledge moments of suffering;
  2. Remain empathetic to yourself, as this fosters empathy with others; and
  3. Practice self-compassion as a means to promote quality health care.

Below are additional self-care tips, recommended by the Centers for Disease Control and Prevention that can be used during natural disaster emergency response events. (4)

  1. Know the signs of compassion fatigue and burnout;
  2. Develop a support network/use the buddy system;
  3. Debrief about experiences;
  4. Know that it is not selfish to say ‘no’;
  5. Take breaks and do not exceed working more than 12 consecutive hours;
  6. Have adequate water and food intake.

We appreciate the efforts of our policyholders in providing exceptional care to patients, especially during times of crisis. The well-being of our policyholders and Texas patients is of utmost importance to TMLT.



  1. Chokshi N, Astor M. Hurricane Harvey: The devastation and what comes next. The New York Times. August 28, 2017. Available at https://www.nytimes.com/2017/08/28/us/hurricane-harvey-texas.html?mcubz=3. Accessed September 8, 2017.
  2. Neff K. Definition of self-compassion. Available at http://self-compassion.org/the-three-elements-of-self-compassion-2/. Accessed September 8, 2017.
  3. Neff K. Self-Compassion: The Proven Power of Being Kind to Yourself. William Morrow. 2011. Available in print.
  4. Centers for Disease Control and Prevention. Emergency preparedness and response. April 15, 2016. Available at https://emergency.cdc.gov/coping/responders.asp. Accessed September 8, 2017.
  5. For information on the symptoms of burnout, here is a helpful article http://www.compassionfatigue.org/pages/healthprogress.pdf.

FDA warns of risk associated with liquid-filled intragastric balloon systems to treat obesity

The U.S. Food & Drug Administration (FDA) has issued a risk alert after receiving five reports of unanticipated deaths in patients with liquid-filled intragastric balloon systems used to treat obesity.

All five reports indicate that patient deaths occurred within a month or less of balloon placement. In three reports, death occurred as soon as one to three days after balloon placement.

At this time, the deaths have also not been directly attributed to the devices or the insertion procedures for these devices.

The FDA recommends that health care providers closely monitor patients treated with these devices for complications and that you promptly report any adverse events related to intragastric balloon systems.

More information, including how to report an adverse event, is available on the FDA website.

TMLT changes online payment interface, vendor

On Thursday, August 31, 2017, TMLT will move its online premium payment services to JPMorgan Chase. The change will have a minimal effect on policyholders currently making online payments through our policyholder portal, myTMLT. However, some slight changes to the interface will occur.

  • Policyholders who are currently enrolled in auto-pay will need to re-enroll. We will halt all auto-pay processes beginning Friday, August 25. If you use auto-pay, you will receive an email the week of August 14 with instructions on how to re-enroll. Please be on the look out for that important message.
  • When making a payment, and/or adding a new credit or debit card, policyholders will be re-directed to TMLT’s Chase banking page. Our payment-processing page remains a single sign-on. Separate login credentials will not be necessary.
  • If a policyholder has both a TMLT and a TMIC policy, these payments will be made separately. This capability allows policyholders to use separate credit cards to pay each premium. The two premiums (TMLT and TMIC) will now be listed on separate tabs within the “Payment Options” page.

Please contact our Customer Service Team, 1-800-580-8658 ext. 5050, with any questions or to enroll in auto-pay.

Insecurity in health care

By John Southrey, CIC, CRM

I write regularly about cyber risks in health care. So it was no surprise when I was recently notified of a ransomware attack at a medical practice where I’m a patient. The provider’s notification letter cautioned:

“We are writing to inform you of a data security incident at _________ that may have resulted in the potential disclosure of your medical and personal information . . . Our investigation indicates that your personal information may have been impacted by the ransomware, including your name, address, date of birth, Social Security number, and medical information . . . we have taken steps to prevent a similar event from occurring in the future, including improving our network security, updating our system backups, and retraining our employees regarding suspicious emails and patient privacy and security.”

Lost or stolen health care data can be compromised for years. The data could be used for medical identity theft or the alteration of patient data, so protecting it is critical. However, for many medical practices, the extent of their cyber security is limited to updating their computer hardware and installing critical software patches.

Doing more to protect patients’ health information may be considered unnecessary (“I’m too small to be a target”) or too expensive and disruptive to the practice. So discussions about enhancing data security best practices — such as using endpoint encryption and application control along with workforce security training — may go unheeded.

So how can a practice know what their actual cyber risks and vulnerabilities are? Without a comprehensive risk assessment, they can’t. In such cases, a practice’s cyber security often becomes an idiosyncratic configuration constructed from disparate sources. And without any external assessment, there is little opportunity for an advanced understanding of the broad attack surface in health care and the need for a multi-layered security approach to combat emerging cyber threats.

The usual malware entry point is through social engineering techniques that use phishing emails designed to trick users into providing system access. Unfortunately, these types of ploys have a high success rate because the health care industry is known to be behind in cyber security and because employees are known to be the weakest link.

Attackers use a broad range of vulnerabilities and exploits. Simply installing the latest software patches to prevent exploitation is not enough. The URL (web link) filter installed on the practice’s server might block an employee from visiting a malicious site. If this layer of security fails, the practice’s system is exposed to the exploit.

Sometimes a practice’s system is not equipped to detect certain threats. More sophisticated attacks look for unknown vulnerabilities in a software program — a “zero day vulnerability” — that can go undetected before the vendor can fix it.

According to the Ponemon Institute’s research, 90% of health care organizations have experienced a data breach involving the loss or theft of patient data in the past two years. (1)

To proactively mitigate data breaches, medical practices need up-to-date policies and procedures and robust cyber security protocols. These include the ability to block exploit-based attacks and make any detectable cyber threat go through layers of protections, including a “human” firewall of trained staff who can react to social engineering ploys.

Ultimately, practices must accept cyber threats as a serious business risk and dedicate resources to mitigating them. The clinical dependency and interconnectedness in modern health care has created a digital quagmire — and regardless of how strong a practice’s cyber security defenses are — cyber criminals will always seek a way inside.

1. Ponemon Institute. Sixth annual benchmark study on privacy and security of healthcare data. May 2016.


For further reading
Office of Civil Rights. My entity just experienced a cyber-attack! What do we do now? A Quick-Response Checklist from the HHS, Office for Civil Rights (OCR). Available at https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf. Accessed June 28.

Department of Health and Human Services. Cyber attack quick response. Available at https://www.hhs.gov/sites/default/files/cyber-attack-quick-response-infographic.gif. Accessed June 28.

Health Care Industry Cybersecurity Task Force. Report on improving cybersecurity in the health care industry. June 2017. Available at https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf