With FairWarning, the Privacy Office at Weill Cornell is much more aware of who is accessing PHI. As a result, patient privacy has been strengthened as action can be taken to reduce improper access. Reports with automatic alerts are now integrated seamlessly with their existing investigation and resolution processes, improving compliance with:
- Accounting of Disclosures requirements in the ARRA HITECH Act
- Organizational audits and investigations required under HIPAA
- PHI information system activity reviews required under HIPAA
Using FairWarning behavior-based scenarios, alerts to potential incidents are automatically sent to the FairWarning users at Weill Cornell, including to the Privacy Officer’s iPhone. As soon as an alert is received, the information is reviewed and can then be sent to the employee’s supervisor for further review and validation.
Once more information is gathered, a determination can be made as to whether the access was improper. If so, the incident is escalated to Human Resources for sanctions or additional training. Even alerts for access that is determined not to be improper are used to refine training programs and processes.
Prior to implementing FairWarning, investigating an incident took days, several people, and multiple e-mails and phone calls. Now, Weill Cornell gets an alert automatically about potentially suspicious behavior, and can drill down into the data within the web-based user interface. Weill Cornell is now able to investigate a user taking even the briefest look at a record, and has the ability to proactively detect potential violations.