At risk for compliance violations and potential breaches, St. Dominic's added FairWarning to its technology stack.

The challenge

Exhausting effort was spent because there was no feasible way to parse specific audit information out of any system, and there was no consistency in any reporting. The conclusion was that the random sampling method was ineffective for detecting inappropriate access.

When HIPAA Privacy/Security Officer Dena Boggan joined St. Dominic-Jackson Memorial Hospital in June 2006, she found a less-than-optimal environment for maintaining HIPAA compliance and security operations. St. Dominic’s faced many challenges common to a health organization:

  • Some systems had no audit logs while others had no way to parse out specific information
  • Its existing audit tool, Cerner P2Sentinel, had no flexibility to customize for other systems or for the environment
  • The number of random audits did not correspond to the number of hospital admissions from a due diligence perspective
  • Audits were time-consuming and ineffective – so much so that full investigations were only launched when a complaint was logged by patients or employees

The automation, ease, and facts coming out of the FairWarning solution have resulted in program alignment across St. Dominic’s organization.

After researching auditing tools and reviewing the capabilities of P2Sentinel to determine if it was feasible to use it as our primary auditing tool, FairWarning stood out as the most feasible and cost-effective solution to our problems.

FairWarning’s presence in our environment ensures we’ve met qualifications required by HIPAA as well as the new ARRA-HITECH Act.

During the first few months following deployment of FairWarning, inappropriate EHR access was detected at a very high rate, reducing the number of privacy incidents. St. Dominic’s then implemented training and enforcement policies that reduced inappropriate access tenfold.

The Results

  • Reduced privacy audit review time 10X
  • Reduced reviews from five days per week to one to two days per week
  • Re-focused personnel on training, education, research, and programs to drive compliance, privacy, and security across the organization
  • Increased visibility of internal privacy incidents 5X