Memorial Healthcare’s Privacy and Security Comeback: From Reported Breach to Patient Privacy Excellence

JOIN WEBINAR
Memorial Healthcare
Register Today!

FairWarning Executive Series Webinar

Memorial Healthcare’s Privacy and Security
Comeback: From Reported Breach to Patient
Privacy Excellence

Tuesday, April 10th, 2018 | 2 p.m. ET / 11 a.m. PT

Memorial Healthcare System (MHS) faced serious privacy and security scrutiny after the login credentials of a former employee of an affiliated physician’s office was used to access ePHI on a daily basis, affecting the patient privacy of 80,000 individuals. The incident resulted in a record $5.5 million HIPAA settlement to the U.S Department of Health and Human Services and an agreement to implement a corrective action plan.

For MHS, the situation was “sink or swim”, but they recognized the opportunity to gain back patient trust by crafting and executing on a vision of patient privacy excellence. Fast forward to today, and MHS has implemented a complete privacy and security transformation.

On Tuesday, April 10th at 2:00 PM EST, our webinar speaker will be Richard Leon, Chief Information Security Officer at Memorial Healthcare System. During the webinar, he will explain how with the help of partners like FairWarning, MHS gains back time to take a proactive and strategic approach to securing patient data. Using the FairWarning Patient Privacy Platform and Managed Privacy Services, MHS secures patient data with world-class privacy monitoring systems, extensive training programs, and a robust “just do” culture of compliance.

In this FairWarning Executive Series Webinar, you will learn:

  • How to proactively prevent breaches and mitigate risk

  • How to develop privacy and security as equal partners to secure patient data

  • How to gain executive level support for your privacy and security initiatives

  • What the OCR expects in your Risk Analysis of information systems holding PHI

  • How to implement privacy and security awareness training to obligate end users to be accountable for securing patient data

Register for the Webinar

About the Speakers

Richard Leon

Richard Leon

Chief Information Security Officer
Memorial Healthcare System

Rich has spent the past 30 years leading Technology Initiatives at Memorial Healthcare System in Hollywood, Florida. Rich has served as a Network Engineer, Software Developer, Bio-Medical Engineering Director, Chief Technology Officer and Chief Information Security Officer during the growth of Memorial Healthcare System from a single community hospital to a six-hospital fully integrated healthcare system. Memorial Healthcare System is one of the largest public healthcare systems in the nation and highly regarded for its exceptional patient- and family-centered care. Memorial’s patient, physician and employee satisfaction rates are some of the most admired in the country, and the system is recognized as a national leader in quality healthcare.

Kurt J. Long

CEO and Founder
FairWarning

Kurt Long is the Founder and CEO of FairWarning, a global leader in application security intelligence solutions. FairWarning protects patient information in Electronic Health Records for over 8,500 hospitals and clinics around the world as well as confidential information in financial services companies with over $ 350 Billion assets. Kurt holds multiple patents around the world related to information security. He has also been involved in the founding of several information security companies that have become public or acquired. Mr. Long is a recognized thought leader in information security, privacy and compliance, and has been featured in dozens of articles, published multiple papers, and has been called on to provide expert testimony before governments in the U.S. and Europe.

DOWNLOAD THE SLIDES

Memorial Healthcare System (MHS) faced serious privacy and security scrutiny after the login credentials of a former employee of an affiliated physician’s office was used to access ePHI on a daily basis, affecting the patient privacy of 80,000 individuals. The incident resulted in a record $5.5 million HIPAA settlement to the U.S Department of Health and Human Services and an agreement to implement a corrective action plan.

Memorial Healthcare’s Privacy and Security Comeback:
From Reported Breach to Patient Privacy Excellence

FairWarning Executive Series Webinar

 

Executive Summary

Memorial Healthcare System (MHS) is a long-time leader in providing high-quality healthcare services to South Florida residents. Today, it is one of the largest public healthcare systems in the nation and highly regarded for its exceptional patient- and family-centered care. Memorial’s patient, physician and employee satisfaction rates are some of the highest in the country, and the system is recognized as a national leader in quality healthcare.

Patient privacy has always been a priority to MHS, but in 2012, the organization detected that patient data had been accessed by a former employee of a third-party entity – compromising the patient privacy of 80,000 individuals. MHS notified the Office of Civil Rights (OCR) and immediately began a journey to create world-class privacy for its patients’ data. Last year, the security incident resulted in a $5.5 million fine and a three-year corrective action plan.

With the help of partners like FairWarning, MHS has transformed their program into patient privacy excellence. MHS chose the FairWarning Patient Privacy Platform and Managed Privacy Services, leveraging FairWarning’s expert team of HIPAA compliance, security and product analysts to minimize its risk profile and improve its compliance posture. Today, MHS secures patient data with world-class privacy monitoring systems, extensive training programs and a robust “just do” culture of compliance.

Participants

Richard Leon, Chief Information Security Officer at Memorial Healthcare explains how he transformed his program to secure MHS, which is comprised of over 13,000 employees, 1,800 beds, and 2,500 physicians across six hospitals and ancillary health facilities.

“We needed a new approach to privacy investigation technology, privacy and security policies and workforce education that would ensure complete PHI access transparency.” Richard said.

Challenge

In this webinar, Rich discusses the privacy challenges that come with a growing health system. MHS’s existing enterprise-wide privacy policies created an influx of data without the resources and expertise to properly investigate each incident. MHS was dealing with more than 10 patient record access alerts per week. Further challenges included ensuring Epic Care Connect access compliance for affiliated healthcare providers and ACO affiliate patient privacy adherence.

Richard explained, “Tracking access to our integrated Epic EHR by employed and affiliated physicians, as well as outside case reviewers and third parties, was essential, and we knew it would require more than just looking at logs for true cross-system transparency.”

Patient Privacy Excellence with FairWarning and Memorial Healthcare

As the first step in the MHS privacy and security journey, Richard developed a multipronged strategy framework that was built on the foundation of administrative policy controls and awareness training.

“FairWarning provided the data to understand workflows, pinpoint workforce data access and privacy challenges, and guide training,” said Richard.

With a true understanding of end-user behaviors and process modifications, Richard and his team developed training campaigns and videos to provide education and collaboration for privacy and security.

In addition, MHS began to see real results from the FairWarning platform and associated policies. The health system now gets detailed reporting when PHI information is accessed and printed, as well as, reasons behind who what and why. Richard explains that FairWarning has reduced the snooping alerts from one a day to one a week. He also explains the benefits of a 90% reduction in false positives with FairWarning.

“The 90% reduction in false positive alerts through the use of FairWarning’s Managed Privacy Services have saved us the time equivalent of two more FTEs to handle the past quantity of false alerts.”

The Q&A portion of this webinar will likely amaze you, with answers to some of the industries most pressing questions with transparent and honest insight.

This webinar provides an opportunity to learn how FairWarning provides a foundation for privacy and security and partners with organizations to design a roadmap for proactively mitigating risks and continually developing a culture dedicated to patient privacy excellence.

Webinar Speakers

Richard Leon

Richard Leon
Chief Information Security Officer
Memorial Healthcare System

Kurt J. Long
CEO and Founder
FairWarning

2018-05-28T15:43:19+00:00