Success Stories

NHS Lothian Safeguards Patient Records with Comprehensive User Activity Monitoring Program

Issue link:

Contents of this Issue


Page 0 of 2

Safeguarding patient records at NHS Lothian Overview NHS Lothian, one of 14 Health Boards in Scotland, provides services to a population of around 800,000. It runs four main teaching hospitals and 15 community hospitals, and employs nearly 28,000 staff. It already had strong computer security and HR policies in place; the challenge, says Alistair McLeod, was to find a way to more effectively police them and ensure they were being followed. Alistair McLeod, clinical application and integration manager at NHS Lothian, shares the Health Board's experiences of being the first in Scotland to introduce automated privacy monitoring. The key insight, he says, is that deploying privacy monitoring is not a purely "eHealth project", though it is an essential component in the wider deployment of electronic patient records: it's an HR project that needs buy-in at the highest levels of the organisation. Challenges As NHS Lothian moves forward with their eHealth strategy, they need to ensure electronic patient records are available to those who need to see them, yet reassure patients that their data is safe and secure. NHS Lothian is using FairWarning ® 's privacy monitoring solution to supervise access to clinical systems and identify suspected breaches of their computer security and HR policies for further investigation. FairWarning ® is allowing NHS Lothian to respond to growing demands from patients for better privacy, in order to protect the reputation of the Health Board and expand the trust between patients and healthcare professionals, which is the foundation of high-quality care. "The public are increasingly aware that we are making a lot more information available electronically across the Health Board and they are, understandably, growing more concerned about how we are sharing that information and controlling access to it," he explains. "We needed to put systems in place that would give them a greater level of comfort that we take privacy and security seriously, and to demonstrate that we are being proactive in monitoring access and dealing with any suspected breaches." The issue NHS Lothian faced, he says, was that "We had a lot of audit data coming from our systems but we did not have any good tools to analyse it. We were using these to carry out random spot checks Organization • 4 teaching hospitals • 15 community hospitals • 28,000 employees Health Information Systems • CareFx FusionFx • InterSystems TrakCare Core • NHS Emergency Care Summary • NHS Scottish Care Information Store • Staff Governance Information System (SGIS) Interviewee • Alistair McLeod, Clinical Application & Integration Manager "The introduction of FairWarning ® as an addition to our existing capabilities, has allowed us to significantly move ahead as we strive to ensure compliance with the Data Protection Act and provide assurance to our patients that their data is in safe hands." - Martin Egan, NHS Lothian's Director of eHealth CUSTOMER SUCCESS STORY

Articles in this issue

view archives of Success Stories - NHS Lothian Safeguards Patient Records with Comprehensive User Activity Monitoring Program