Striving to enhance its auditing capabilities without impacting the performance of its systems, Columbus Regional adds FairWarning to its technology stack.
When Columbus Regional Hospital (CRH) received a patient privacy complaint in 2005, the security and IT team accessed the clinical system audit logs and found very minimal data. In fact, they found that the user logged on/off data was overwritten every 24 hours.
CRH depended on vendor auditing solutions — and in many cases, there was no solution. Vendors were also instructing CRH not to turn on auditing capabilities in their clinical applications saying, “they take too much storage space and may have a negative impact on performance of system.”
CRH has successfully developed a culture of privacy and compliance through a new educational program led by departmental leaders in security, privacy, technology, and human resources. CRH has also stated their savings continue to grow as more audit sources are added into FairWarning, and they don’t have to rely solely on their security or privacy teams. They can give FairWarning reports to any department leadership to validate activities and determine whether access to sensitive information was inappropriate or not.
Before I had to go to a different audit system and on different applications even the same vendor has different independent audit systems. FairWarning brought it all together in one.
FairWarning definitely raises awareness and helps us get to better patient privacy and we are now doing more education for our workforce because of things we are seeing in the solution.
- Developed a culture of privacy and compliance through a new educational program
- Established new guidelines to review system access every month
- Significantly reduced reporting time