When manually auditing user access proved to be inefficient, Nova Scotia Health Authority invested in a solution to enhance its investigation process.

The challenge

Before the deployment of FairWarning, District Health Authorities (DHAs) were conducting patient privacy investigations in response to complaints using a mixture of paper and highly manual electronic methods. In addition, a limited number of systems had searchable audit logs.

Established in 2006, Health Information Technology Services – Nova Scotia (HITS-NS) is charged with managing a secure, centrally hosted provincial health IT network and select provincial healthcare applications.

Before the deployment of FairWarning, District Health Authorities (DHAs) were conducting patient privacy investigations in response to complaints using a mixture of paper and highly manual electronic methods.

There have already been many improvements in our auditing capabilities with customized reports that an auditor can easily create. I recommend this tool to any organization who is a custodian of personal, private, and confidential information.

FairWarning’s flexibility and compatibility with so many systems allows auditors to capture access activity across the province.

The benefits of this tool enables us to educate staff on the appropriate use of the various systems that contain identifiable and confidential personal / patient information.

The result? HITS-NS and DHAs took full advantage of advanced analytics capabilities within FairWarning. They learned that performing auditing and monitoring using only the application audit logs allows for relatively basic searches such as family member snooping and random audits. They found that monitoring could be greatly improved with the addition of advanced user access data such as information from human resources systems. With this advanced user access data, several customizable analytics such as co-worker snooping and supervisor snooping are now being conducted.

The Results

  • Added ability to search and provide reporting on multiple EHRs simultaneously
  • Detected potential privacy incidents with out-of-the-box reports
  • Fulfilled patient requests by generating a record of all accesses to a given patient across multiple systems
  • Created a customer community that shares challenges, solutions, and ideas for the protection of patient privacy

Share

Share

Download Full Story

Related Success Stories

  • Memorial Healthcare
    Learn More
    Managed Privacy Services
    Memorial Healthcare’s Privacy And Security Comeback: From Reported Breach To Patient Privacy Excellence
  • Nemours and Kaweah Delta
    Learn More
    Patient Privacy Intelligence
    How Leading Security and Privacy Executives Maximize their Time to Secure Patient Data
  • Northeastern Academic Health System
    Learn More
    Patient Privacy Intelligence | Managed Privacy
    Academic Health System invests in a proactive privacy monitoring program to help meet compliance