Success Stories

Columbus Regional Health Creates Enterprise-Wide Auditing With a Flexible Solution for All Users

Issue link:

Contents of this Issue


Page 2 of 2 North America Headquarters 13535 Feather Sound Drive, Suite 600 Clearwater, Florida 33762 USA 1-727-576-6700 United Kingdom & Europe Oxford House, Campus Six Caxton Way, Stevenage Herts SG1 2XD +44 0800 047 0933 About FairWarning FairWarning ® invented and is the global leader in patient privacy monitoring solutions which guard against abuse of patient information in Electronic Health Records (EHRs) and Health Information Exchanges (HIEs), enabling care providers to confidently connect physicians, clinics, patients and affiliates. FairWarning ® 's patient privacy monitoring solutions are compatible with healthcare applications from every major vendor, and available as either on-premise or software-as-a-service with managed services available to complement existing resources. Customers consider FairWarning ® solutions essential for compliance with healthcare privacy regulations such as ARRA HITECH privacy and meaningful use criteria, HIPAA, EU Data Protection, UK Freedom of Information Act, California SB 541 and AB 211, Texas HB 300, Massachusetts 201 CMR 17.00 and Canadian provincial healthcare privacy law. CUSTOMER SUCCESS STORY Columbus Regional Hospital Armed with facts, a cross-functional CRH team and hospital leadership (and escalation procedures and processes – including disciplinary actions as of May 1, 2009), expect to see a big impact in reduction of privacy incidents as the word spreads about the FairWarning solution and the disciplinary actions that are implemented. "FairWarning definitely raises awareness and helps us get to better patient privacy and we are now doing more education for our workforce because of things we are seeing in the solution." During the recent CRH annual internal audit, the spotlight was on IT. One of the recommendations made called for system access to be reviewed by department leadership on a periodic basis depending on type of information. From this, a new guideline was established to review access to systems every month, no less than every quarter. "FairWarning will be part of our toolset to meet the recommendations and new guidelines of internal audit, and we are working with our FairWarning team to feed in two financial systems into the solution for random and periodic auditing." FairWarning will be used by Security and Privacy to input a user name, get a report output, take it to department leadership to validate appropriate access, help identify questionable access, and work with leadership and human resources to address. "Sanctions, complaints, audit, privacy incident – regardless of how we get it, if it meets the definition of a violation, we run FairWarning reports and send notice to the department and include HR from the beginning." CRH uses FairWarning for the original security rule under HIPAA around activity auditing, and are planning for enhanced HIPAA provisions from ARRA-HITECH and the FTC Red Flags Rule. "The FairWarning solution will help us with this. We have not had any HHS violations validated, which we use as a measure of privacy and security. In comparison, in talking with some of our peers, we know similar size hospitals in our state have had numerous complaints and violations." CRH states that their savings grow as more audit sources are added into FairWarning. And they don't not have to rely solely on the Security team or the Privacy team but can give FairWarning reports to department leadership to validate activities and access as questionable or not. "FairWarning has taken us from having to know and use different audit systems in different applications to one user interface. It used to take me at least 15 minutes per application to review audit logs versus now it may take 15 minutes to run report and review a report in the FairWarning solution." ® ® ® ® ® ® ® ® ® ® ® ® ®

Articles in this issue

Links on this page

view archives of Success Stories - Columbus Regional Health Creates Enterprise-Wide Auditing With a Flexible Solution for All Users