|
|
Why Privacy Surveillance ?
The healthcare industry is experiencing an epidemic of high profile privacy incidents involving employees and affiliates using Electronic Health Records (EHRs) to conduct unlawful activities such as VIP record snooping, identity theft, medical identity theft as well as co-worker, family member and neighbor snooping. These incidents have serious consequences for both the patients and institutions involved.
What is Privacy Surveillance ?
Privacy surveillance systematically identifies users who are engaging in patient access patterns that are indicative of snooping, identity theft or other risky behaviors. Privacy surveillance is performed for all crucial EHRs and applications which provide access to Protected Health Information (PHI). Privacy surveillance then filters out known false positives, and brings any remaining potential incidents to the attention of appropriate privacy personnel. Based on reference-able FairWarning® customer studies, manual review processes are reduced by over 90 % and incident visibility is improved by over 80 %, which means that on average, for every incident found by a manual process, at least four (4) more go undetected.
FairWarning's All Inclusive Solutions
FairWarning provides all-inclusive out-of-the-box solutions which include:
FairWarning® customers site potential loss of trust between patients and their institutions as well as potential lawsuits as the main reasons for deploying our privacy surveillance solutions. Compliance with state and federal legislation are additional considerations.
Centralize Healthcare Audit Logs from Your Applications
FairWarning® uses patent pending technology that is ideal for healthcare providers who are concerned for patient privacy and operate a myriad of applications such as Allscripts, Cerner, Eclipsys, Epic, GE, McKesson, Misys, Siemens, and many others.
Compliance Considerations
Establishing and sustaining procedures for detecting and deterring anticipated risks like the ones detailed in this document are responsibilities outlined in HIPAA, FTC Identity Theft Red Flag Regulations as well as applicable state laws. In September 2008, California passed state laws that fine individuals and institutions involved in healthcare patient snooping, AB 211, and SB 541 respectively. Looking forward, pending federal legislation, H.R. 6357 sponsored by Rep. Pete Stark (D-California) would expand federal penalties for HIPAA violations and authorize state attorneys general to file lawsuits to enforce the privacy rule.
Life Without FairWarning®
Healthcare organizations have a variety of applications from Allscripts, Cerner, Eclipsys, Epic, GE, McKesson, Misys, Siemens, and many others that access Protected Health Information (PHI). As Healthcare applications have become accessible to a growing number of staff and partners, the risk of mistaken or fraudulent access to PHI has also grown exponentially. This creates unprecedented security and compliance risks.
Not surprisingly, without FairWarning® most Healthcare organizations manually collect and correlate basic information relating to audit reporting, systems review and incident research. These manual processes are slow, expensive and highly complex to conduct. These processes are usually conducted only when there is an incident or pending event, interrupting the normal work of security and compliance administrators.
###
|
