With an increasing number of applications accessing patient information, UPMC implements an integrated solution for identity management.
One of the key business challenges was conducting investigations, as well as, a centralized source for application audit logs
UPMC has been at the forefront of innovative approaches in protecting patient privacy. Core to UPMC’s strategy is their Identity Management System in correlation with FairWarning® Patient Privacy Monitoring. UPMC combined these solutions to develop a system-wide privacy compliance program, including monitoring, training and sanctions.
One of the key business challenges was conducting investigations. During each investigation, the facility Privacy Officers (more than 20 across the health system) needed access log information for each application thought to be involved. Investigations required extensive time from the technical support staff to run access log reports on a system-by-system basis.
FairWarning is vital to our regulatory compliance. We in the healthcare industry have existing as well as new regulatory obligations and FairWarning is absolutely crucial to us meeting those regulations.
UPMC uses FairWarning as a tool for managers and Privacy Officers, to ensure that information access is on a ‘need to know’ basis.
The key is to ensure that staff access is appropriate. FairWarning provides the tools necessary to deliver concise information to managers and privacy officers.
The result? Positive impacts of UPMC’s solution include improved dissemination of information and a reduction in incidents. They can aggregate logs and alerts into one bucket with a single reviewer who has the ability to look at all of the logs and alerts across an organization, or send logs and alerts to a user’s manager, so that the manager or Privacy Officer can perform a more focused investigation and/or reviews as necessary.
- Improved dissemination of information
- Reduction in incidents
- Ability to review aggregate information from one single place