Blogs Home
Thursday, February 11, 2016 1:00 PM

Map Your Way to a Successful Patient Privacy Program

Written by Bill Leonard, Vice President, Professional Services - iatricSystems

Protect Patient Privacy

I have had many conversations with our customers regarding patient privacy monitoring, including the importance of capturing and mapping key data elements such as Guarantor/Subscriber, Next of Kin, and High Profile Patients. These sites varied greatly in size — hospitals, critical access hospitals, HIE organizations, clinics, and providers. Each of these patient privacy monitoring implementations came with unique challenges. I have to say that it’s always interesting to learn what data customers want to include in their treasure chest, to deem their implementation successful.

Capturing Guarantor and Subscriber

Some customers consider the Guarantor and Subscriber information gold and require that information as part of their patient privacy monitoring solution. It was explained to me that the guarantor and subscriber data would catch a lot of insider snooping that the standard "Same Last Name" report won’t catch.

Apparently, these customers have a fair share of love triangles, so being able to match the name of the user against that of the Guarantor / Subscriber listed for the patient produces more actionable results. On my ship, a love traingle would be considered mutiny!

Additional trinkets in the treasure chest of data are the Person to Notify and Next of Kin.

Again, it was imperative that these customers capture this data as part of the solution, because these reports are going to serve as the initial step toward proactive auditing with Security Audit Manager™ and will ensure that their end users are respecting patient privacy. The penalties for inappropriate access can be harsh, but I doubt anyone will make you walk the plank.

Capturing High Profile Patients

Another organization that has been using Security Audit Manager for many years approached us about the ability to audit High Profile Patients (HPP). While their source system allows them to flag a patient as confidential or VIP, the High Profile Patient notation was used separately from the confidential flags. They capture this information at the time of registration on a custom registration screen. We were able to see where in the database that X marked the spot for the HPP field and include the HPP value in their audits. They will soon be able to run the Confidential/VIP Patient Match Report specifically for their High Profile Patient accesses.

One important takeaway here is that the one size fits all approach to patient privacy monitoring implementations will not work for every site. We can’t be rigid and require that all data and fields from every HIS vendor match a single specification. Another important takeaway is that we understand that your policies and procedures may change over time. We will change with them. We are going to take time to understand your needs and build your treasure chest of data accordingly so that you’re getting the most value from Security Audit Manager. It’s one of the reasons Security Audit Manager has been ranked KLAS Category Leader for Patient Privacy Monitoring two years in a row.