We all know that as EMRs replace paper records, it is impossible to manually review millions of audit logs to check for potential patient privacy breaches. As a result, in the past, most organizations resorted to random audits. I want to believe that a majority of healthcare organizations are now using technology to automate the monitoring of these patient access logs.
I have had many conversations with our customers regarding patient privacy monitoring, including the importance of capturing and mapping key data elements such as Guarantor/Subscriber, Next of Kin, and High Profile Patients. These sites varied greatly in size — hospitals, critical access hospitals, HIE organizations, clinics, and providers. Each of these patient privacy monitoring implementations came with unique challenges. I have to say that it’s always interesting to learn what data customers want to include in their treasure chest to deem their implementation successful.
Healthcare Privacy and Information Security programs have evolved substantially in recent years. This is due not only to the requirements of Meaningful Use, HIPAA, and HITECH, but also to the growing threats to our sensitive information. Recent cybersecurity analysis estimates that nearly half of all cyber attacks identified in 2015 were directed at healthcare. Many of these incidents involved insider threats or the mishandling of information by staff. It can be a daunting task to keep our Privacy and Security practices ahead of the threats that target them. This is why a risk-based approach to auditing is not only helpful, it is necessary.