Proactive Privacy Monitoring

FairWarning Helps Halifax Regional Health System Replace Their Manual Processes With Proactive Privacy Intelligence

Looking to dramatically simplify their auditing process in order to keep up with increasing regulatory requirements, FairWarning’s patient privacy solution gave Halifax Regional Health System what they were looking for.

Download Full Story

Executive Summary

As an early adopter of EHRs, Halifax Regional was always aware of the need to address privacy and security concerns. With McKesson as their primary EHR vendor, they had been using McKesson STAR Audit for reporting on activity within their clinical systems for 17 years.

With increasing regulations and standards for privacy and security, Halifax Regional knew they could not keep up with requirements using the current manual auditing process. Long before ARRA HITECH, the privacy office at Halifax Regional was seeking a tool to provide: Proactive privacy monitoring to detect breaches independent of receiving a complaint, Effective random auditing capabilities, Advanced analysis and reporting off of audit log data, and Automation of compliance auditing for HIPAA.

The result? Once FairWarning was up and running, education and communication was conducted across the organization, that access to EHRs was being monitored. This lead to a dramatic decrease in incidences throughout the organization.  In addition, when the Chief Privacy Officer receives a request for a report of all access to a particular patient’s record, she has the report in hand and emailed to the requesting manager within 15 minutes. Prior to FairWarning, this would have taken 2 to 3 days or longer, and possibly up to 4 weeks if a report required vendor assistance.

“Prior to FairWarning, we didn’t trust the audit log data. It was like stabbing in the dark, hoping you hit what you were looking for.”

“Using McKesson Services, we were able to implement a new audit source in less than one day. I was very impressed.”

“With FairWarning, I feel comfortable that I can keep an eye on employee access.”