Success Stories

Detroit Medical Center Enhances Patient Privacy Monitoring With Automated Alerts and Dashboards

Issue link:

Contents of this Issue


Page 1 of 2

Solution Once the need for a privacy auditing solution was identified, the team at DMC pulled together requirements, which included: • Capable of fulfilling meaningful use requirements in combination with Cerner Millennium • Providing compliance automation through automated alerting of potential privacy incidents via email • Completing implementation of privacy auditing and monitoring within four months • Allowing Compliance staff to create and save reports themselves, without involving IT • Proven privacy auditing capabilities for: • Cerner Millennium • Siemens Invision • Sunquest (Misys) Laboratory DMC also identified that the selected privacy breach detection solution must be able to provide an automated alert when specific behaviors occurred, such as employees accessing: • Their own records (self-examination) • A patient record with the same last name (family member snooping) • A VIP patient record, such as a sports figure • Any patient records after termination (former employees) Finally, DMC wanted the ability to run stand-alone reports, including specific user audits showing all activity by a user within a certain date rang. Ultimately, Detroit Medical Center chose FairWarning privacy breach detection based on the strength of its 200+ privacy breach detection analytics, production customer references, and compatibility with over 180 healthcare applications. Implementation Experience Led by their assigned FairWarning implementation manager, Detroit Medical Center moved through the FairWarning implementation process quickly. Beginning with Sunquest Laboratory, DMC then began feeding Cerner Millennium and Siemens Invision audit logs into FairWarning. The whole process from initial data extraction using scripts provided by FairWarning to online training and report configuration was completed in less than 90 days. Results Prior to the implementation of FairWarning, the Regulatory staff at Detroit Medical center was conducting all of their required HIPAA auditing activities manually. Each month, a pre-determined number of patients was selected for audit, and all accesses to those records were checked to ensure that there was a legitimate need for access. With over a million records in the system, this method was hit-or-miss, and very few privacy breaches were being identified. Most potential breaches were identified as a result of a patient complaint, and the resulting investigations were time-consuming and tedious. CUSTOMER SUCCESS STORY Detroit Medical Center "Before FairWarning, employees did not believe their accesses were being monitored. Now they do." -Brenda Chambers, HIPAA Security Officer ® ® ® ® ® ® ®

Articles in this issue

view archives of Success Stories - Detroit Medical Center Enhances Patient Privacy Monitoring With Automated Alerts and Dashboards