NHS Lothian needed a more effective way to enforce and audit their policies and properly respond to freedom of information requests regarding electronic patient records.
It already had strong computer security and HR policies in place; the challenge, says Alistair McLeod, was to find a way to more effectively police them and ensure they were being followed.
NHS Lothian, one of 14 Health Boards in Scotland, provides services to a population of around 800,000. It runs four main teaching hospitals and 15 community hospitals, and employs nearly 28,000 staff.
As NHS Lothian moves forward with their eHealth strategy, they need to ensure electronic patient records are available to those who need to see them, yet reassure patients that their data is safe and secure. NHS Lothian is using FairWarning®’s privacy monitoring solution to supervise access to clinical systems and identify suspected breaches of their computer security and HR policies for further investigation. The issue NHS Lothian faced was they had a lot of audit data coming from their systems but did not have any good tools to analyze it. They were using these to carry out random spot checks targeting particular staff groups or departments to monitor information being accessed, and to respond reactively to freedom of information requests and complaints when a patient was concerned that someone had gained access to information they should not have through our systems.
The biggest benefit is for our patients: we can reassure them that we are protecting their information by ensuring that only people who need to access their information are doing so correctly and appropriately. I’m certainly more comfortable myself as a patient, and as a parent, because as I know what the board is doing to look after my family’s information by deploying FairWarning.
We were able get the clinical systems delivering their audit data into FairWarning®, and write the reports we wanted all within a few weeks.”
Since introducing FairWarning®, NHS Lothian has seen the number of suspected privacy breaches fall, with the trend continuing on downwards over the long term. The Health Board is able to provide more comprehensive and thorough monitoring with considerably less effort, using a process that is repeatable and consistent.
- Undertakes routine monitoring for a variety of breaches through a standard set of monthly reports
- Number of suspected privacy breaches decreasing
- Provide comprehensive and thorough monitoring with considerably less effort
- Handle the growing workload without a corresponding increase in resources