Hospital deploys FairWarning Privacy Breach Detection software to prevent snooping
Aintree University Hospitals NHS Foundation Trust has selected FairWarning’s Privacy Breach Detection solution to counter the growing threat of serious data breaches and the improper accessing of electronic health records.
The trust already accesses 90% of patient health records on line, but Ward Priestman, director of informatics and senior information risk officer at the trust, said the organisation wanted to ensure sensitive data was not abused.
Previously, most confidential information was on paper, locked in secure storage and well managed. But now that we’re starting to record an increasing amount of clinical and confidential data on electronic systems, the thinking has got to mature
He added: “There is a sea-change in the depth of data that is now being recorded electronically. Previously, most confidential information was on paper, locked in secure storage and well managed. But now that we’re starting to record an increasing amount of clinical and confidential data on electronic systems, the thinking has got to mature. Solutions such as FairWarning are going to be imperative.”
Aintree was one of the first NHS trusts to implement an electronic patient record (EPR) and has since gone on to develop a far-reaching informatics infrastructure.
“Health records at the trust are almost entirely electronic,” said Priestman. “We have engineered over 90% of the paper out of the organisation, but with electronic systems it is much easier to access patient records en masse. We took the view that we needed to be more pro-active in identifying breaches and have chosen to implement the FairWarning system toenable us to monitor access efficiently and effectively.”
The number of security breaches involving patient data has doubled in the UK in the past four years, with studies suggesting that the greatest threat comes from NHS staff abusing their legitimate access rights to electronic records. Countering this problem has historically been challenging.
Priestman said: “Previously, the only way to address this was either through random audits or in response to a complaint. This was reactive, time-consuming and incredibly difficult to do. We needed a pro-active, automated system that could tell us when people had been inappropriately accessing records. With FairWarning, staff will be aware that they are being monitored and, as such, inappropriate access should drop. It’s a virtuous circle. Once a few breaches have been identified, people will recognise that the system is policing itself and the likelihood of individuals transgressing will reduce. They know they will be found out.”
Staff will be aware that they are being monitored and, as such, inappropriate access should drop. Once a few breaches have been identified, people will recognise that the system is policing itself and the likelihood of individuals transgressing will reduce
Aintree plans to implement FairWarning across its EPR, electronic document management system, digital radiology system, electronic prescribing system and its clinical portal.Les Baker, country manager of FairWarning UK, said: “As the health service continues to explore the undoubted opportunities of electronic healthcare, it is our hope that more NHS organisations follow the lead of pro-active trusts such as Aintree University Hospital in recognising that sustainable data protection is the bedrock of success. Automated record monitoring and privacy breach detection solutions are readily available to the NHS, and they will be a key component in the successful delivery of the ambitious, but vitally important, NHS Information Strategy.”