Halifax Regional Embraces Automated Audit Reports to Improve Privacy & Security

March 5, 2019

Looking to dramatically simplify its auditing process to keep up with regulatory requirements, Halifax Regional was able to automate its audit reports with FairWarning.

The Challenge

Halifax Regional had a manual audit reporting process and knew they could not keep up with requirements using the current manual auditing process.

As an early adopter of EHRs, Halifax Regional was always aware of the need to address privacy and security concerns. With McKesson as their primary EHR vendor, they had been using McKesson STAR Audit for reporting on activity within their clinical systems for 17 years.

With increasing regulations and standards for privacy and security, Halifax Regional knew they could not keep up with requirements using the current manual auditing process. Long before ARRA HITECH, the privacy office at Halifax Regional was seeking a tool to provide proactive privacy monitoring to detect breaches independent of receiving a complaint, effective random auditing capabilities, advanced analysis and reporting off of audit log data, and automation of compliance auditing for HIPAA.

The result? Once FairWarning was up and running, education and communication was conducted across the organization, that access to EHRs was being monitored. This lead to a dramatic decrease in incidences throughout the organization. In addition, when the Chief Privacy Officer receives a request for a report of all access to a particular patient’s record, she has the report in hand and emailed to the requesting manager within 15 minutes. Prior to FairWarning, this would have taken 2 to 3 days or longer, and possibly up to 4 weeks if a report required vendor assistance.

The Results

  • Proactive privacy monitoring to detect breaches independent of receiving a complaint
  • Effective random auditing capabilities
  • Advanced analysis and reporting off of audit log data
  • Automation of compliance auditing for HIPAA
Previous Document
Saint Luke’s Health System Streamlines Patient Privacy Protection
Saint Luke’s Health System Streamlines Patient Privacy Protection

As the Saint Luke’s privacy team conducted assessments and audits to identify potential vulnerabilities, th...

Next Document
Columbus Regional Health Creates Enterprise-Wide Auditing With a Flexible Solution for All Users
Columbus Regional Health Creates Enterprise-Wide Auditing With a Flexible Solution for All Users

When Columbus Regional Hospital received a patient privacy complaint, the security and IT teams found very ...