Looking to dramatically simplify its auditing process to keep up with regulatory requirements, Halifax Regional was able to automate its audit reports with FairWarning.

The challenge

Halifax Regional had a manual audit reporting process and knew they could not keep up with requirements using the current manual auditing process.

As an early adopter of EHRs, Halifax Regional was always aware of the need to address privacy and security concerns. With McKesson as their primary EHR vendor, they had been using McKesson STAR Audit for reporting on activity within their clinical systems for 17 years.

With increasing regulations and standards for privacy and security, Halifax Regional knew they could not keep up with requirements using the current manual auditing process. Long before ARRA HITECH, the privacy office at Halifax Regional was seeking a tool to provide: Proactive privacy monitoring to detect breaches independent of receiving a complaint, Effective random auditing capabilities, Advanced analysis and reporting off of audit log data, and Automation of compliance auditing for HIPAA.

Prior to FairWarning, we didn’t trust the audit log data. It was like stabbing in the dark, hoping you hit what you were looking for.

Using McKesson Services, we were able to implement a new audit source in less than one day. I was very impressed.

With FairWarning, I feel comfortable that I can keep an eye on employee access.

The result? Once FairWarning was up and running, education and communication was conducted across the organization, that access to EHRs was being monitored. This lead to a dramatic decrease in incidences throughout the organization. In addition, when the Chief Privacy Officer receives a request for a report of all access to a particular patient’s record, she has the report in hand and emailed to the requesting manager within 15 minutes. Prior to FairWarning, this would have taken 2 to 3 days or longer, and possibly up to 4 weeks if a report required vendor assistance.

The Results

  • Proactive privacy monitoring to detect breaches independent of receiving a compliant
  • Effective random auditing capabilities
  • Advanced analysis and reporting off of audit log data
  • Automation of compliance auditing for HIPAA
Download Full Story