Safeguarding Patient Records NHS Lothian

FairWarning Helps Safeguard Patient Records at NHS Lothian

Despite having strong computer security and HR policies in place, NHS Lothian needed a more effective way to enforce and audit their policies and properly respond to freedom of information requests regarding electronic patient records.

Download Full Story

Executive Summary

NHS Lothian, one of 14 Health Boards in Scotland, provides services to a population of around 800,000. It runs four main teaching hospitals and 15 community hospitals, and employs nearly 28,000 staff.

As NHS Lothian moves forward with their eHealth strategy, they need to ensure electronic patient records are available to those who need to see them, yet reassure patients that their data is safe and secure. NHS Lothian is using FairWarning®’s privacy monitoring solution to supervise access to clinical systems and identify suspected breaches of their computer security and HR policies for further investigation. The issue NHS Lothian faced was they had a lot of audit data coming from their systems but did not have any good tools to analyze it. They were using these to carry out random spot checks targeting particular staff groups or departments to monitor information being accessed, and to respond reactively to freedom of information requests and complaints when a patient was concerned that someone had gained access to information they should not have through our systems.

Since introducing FairWarning®, NHS Lothian has seen the number of suspected privacy breaches fall, with the trend continuing on downwards over the long term. The Health Board is able to provide more comprehensive and thorough monitoring with considerably less effort, using a process that is repeatable and consistent.

“We were able get the clinical systems delivering their audit data into FairWarning®, and write the reports we wanted all within a few weeks.”

“The biggest benefit is for our patients: we can reassure them that we are protecting their information by ensuring that only people who need to access their information are doing so correctly and appropriately. I’m certainly more comfortable myself as a patient, and as a parent, because as I know what the board is doing to look after my family’s information by deploying FairWarning.”