NHS Lothian Safeguards Patient Records with Comprehensive User Activity Monitoring Program

March 5, 2019

NHS Lothian needed a more effective way to enforce and audit their policies and properly respond to freedom of information requests regarding electronic patient records.

The Challenge

It already had strong computer security and HR policies in place; the challenge, says Alistair McLeod, was to find a way to more effectively police them and ensure they were being followed.

NHS Lothian, one of 14 Health Boards in Scotland, provides services to a population of around 800,000. It runs four main teaching hospitals and 15 community hospitals, and employs nearly 28,000 staff.

As NHS Lothian moves forward with their eHealth strategy, they need to ensure electronic patient records are available to those who need to see them, yet reassure patients that their data is safe and secure. NHS Lothian is using FairWarning®’s privacy monitoring solution to supervise access to clinical systems and identify suspected breaches of their computer security and HR policies for further investigation. The issue NHS Lothian faced was they had a lot of audit data coming from their systems but did not have any good tools to analyze it. They were using these to carry out random spot checks targeting particular staff groups or departments to monitor information being accessed, and to respond reactively to freedom of information requests and complaints when a patient was concerned that someone had gained access to information they should not have through our systems.

Since introducing FairWarning®, NHS Lothian has seen the number of suspected privacy breaches fall, with the trend continuing on downwards over the long term. The Health Board is able to provide more comprehensive and thorough monitoring with considerably less effort, using a process that is repeatable and consistent.

The Results

  • Undertakes routine monitoring for a variety of breaches through a standard set of monthly reports
  • Number of suspected privacy breaches decreasing
  • Provide comprehensive and thorough monitoring with considerably less effort
  • Handle the growing workload without a corresponding increase in resources
Previous Document
Baptist Health Care Meets Regulatory Changes by Auditing Across Multiple Applications
Baptist Health Care Meets Regulatory Changes by Auditing Across Multiple Applications

Baptist Health Care was struggling to work with application vendors to enable auditing and access the logs ...

Next Document
NHS Homerton Deploys Patient Privacy Monitoring to Protect VIP Patient Data
NHS Homerton Deploys Patient Privacy Monitoring to Protect VIP Patient Data

As one of the first NHS Foundation Trusts in England, Homerton has a reputation for excellent care . They w...