At risk for compliance violations and potential breaches, St. Dominic added FairWarning to its technology stack.
Exhausting effort was spent due to no feasible way to parse out specific audit information from any system and there was no consistency in any reporting. The conclusion was that the random sampling method was ineffective for detecting inappropriate access.
When HIPAA Privacy/Security Officer Dena Boggan joined St. Dominic Jackson Memorial Hospital in June 2006, she found a less than optimal environment to effectively maintain HIPAA compliance and security operations. St. Dominic faced many challenges common to a health organization:
- Some systems had no audit logs while others had no way to parse out specific information
- Its existing audit tool, Cerner P2Sentinel, had no flexibility to customize for other systems or for the environment
- The number of random audits did not correspond to number of hospital admissions from a due diligence perspective
- Audits were time-consuming and ineffective – so much so that full investigations were only launched when a complaint was logged by
patients or employees
The automation, ease, and facts coming out of the FairWarning solution have resulted in program alignment across St. Dominic’s organization.
During the first few months following deployment of FairWarning, inappropriate EHR access was detected at a very high rate, reducing the number of privacy incidents. St. Dominic then implemented training and enforcement policies that reduced inappropriate access by ten-fold.
- Reduced privacy audit review time 10X
- Reduced reviews from five days per week to one to two days per week
- Re-focused personnel on training, education, research, and programs to drive compliance, privacy, and security across the organization
- Increased visibility of internal privacy incidents 5X