When manually auditing user access proved to be inefficient, Nova Scotia Health Authority invested in a solution to enhance its investigation process.
Before the deployment of FairWarning, District Health Authorities (DHAs) were conducting patient privacy investigations in response to complaints using a mixture of paper and highly manual electronic methods. In addition, a limited number of systems had searchable audit logs.
Established in 2006, Health Information Technology Services – Nova Scotia (HITS-NS) is charged with managing a secure, centrally hosted provincial health IT network and select provincial healthcare applications.
Before the deployment of FairWarning, District Health Authorities (DHAs) were conducting patient privacy investigations in response to complaints using a mixture of paper and highly manual electronic methods.
There have already been many improvements in our auditing capabilities with customized reports that an auditor can easily create. I recommend this tool to any organization who is a custodian of personal, private, and confidential information.
FairWarning’s flexibility and compatibility with so many systems allows auditors to capture access activity across the province.
The benefits of this tool enables us to educate staff on the appropriate use of the various systems that contain identifiable and confidential personal / patient information.
The result? HITS-NS and DHAs took full advantage of advanced analytics capabilities within FairWarning. They learned that performing auditing and monitoring using only the application audit logs allows for relatively basic searches such as family member snooping and random audits. They found that monitoring could be greatly improved with the addition of advanced user access data such as information from human resources systems. With this advanced user access data, several customizable analytics such as co-worker snooping and supervisor snooping are now being conducted.
- Added ability to search and provide reporting on multiple EHRs simultaneously
- Detected potential privacy incidents with out-of-the-box reports
- Fulfilled patient requests by generating a record of all accesses to a given patient across multiple systems
- Created a customer community that shares challenges, solutions, and ideas for the protection of patient privacy