Keys to Success in Protecting Patient Privacy
For many years, security and privacy as a whole have perhaps been an underappreciated aspect of healthcare. But that perspective is quickly changing, and more and more health systems are transitioning away from manual, reactive tools and processes to proactive monitoring.
KLAS recently published the Patient Privacy Monitoring 2019 report—the first of its kind. The purpose of the report was to help providers understand who stands out in a highly competitive market through their performance and customer experience. Additionally, we tracked recent decisions made by providers regarding which privacy monitoring solutions have been chosen and why they have been chosen.
False Positives
The number of false positives was a key factor in any solution’s performance. There are many constraints on privacy staff, and more false positives means more cases that aren’t real, which are a waste of time to the staff.
Of course, the best use of a privacy professional’s time is to pursue and remediate real cases. Solutions that decrease the number of false positives, either through technology or managed services, allow providers to put aside the day-to-day concerns in order to be more strategic and forward thinking.
Technology Alone Not Enough
It is critical for organizations to have strong policies and to augment those policies with technology. They need strong guidelines to manage the patient privacy monitoring tools. The tools are very flexible, but if organizations don’t know what to tell the tools to do, they won’t get the results they intend. The key is to redefine policies and ensure that the results are accurate and align with the types of incidents and organization desires to find.
All of the top-performing vendors keep their customers up to date, and they all have cutting-edge technology with machine learning capabilities built in. But they also augment that technology with great service and support. Vendors need to partner with their customers and create an ongoing experience for them. Provider organizations need guidance and policies, not just tools.
Regarding the need for clients to understand their own data, one privacy officer said the following:
“It is important and incumbent on the organization that is choosing a system to understand the data that they are providing and to recognize operational limitations. The system will tell them only what the data has to offer. So if an organization doesn’t understand their own internal operations, it will be hard to ensure that the system is evaluating appropriately to limit false positives or to identify things that really matter.”
Going Forward
We are already seeing some more competitors rising up in the space. Some organizations are also looking at meeting privacy needs with other tools, such as SIEM solutions, to look at logs for instances of inappropriate access. EMR vendors are not currently making a strong push in the space.
Providers want real-time visibility so that they can be proactive, not just reactive. No longer satisfied with rules-based queries, they want to stop data from being inappropriately accessed or react immediately.
We will likely see a greater shift toward managed privacy services (MPS) as more vendors begin offering their own MPS solutions or partnering with others. Organizations will either try to limit their work through technology or outsource their privacy departments through MPS.
Despite patient privacy monitoring being such a newly rejuvenated space, it is off to a good start. Already, we have great vendors doing great things and making strides in patient privacy.
Regarding both security and privacy, the biggest weakness and biggest risk for any organization is its people. People will always present a risk in healthcare, so this space will only continue to grow as organizations seek to meet regulatory demands and protect the privacy of their patients.
I am excited to continue researching this space and to see how organizations leverage new technologies and services to reduce their false positive burden in the near future.
Photo Cred: Shutterstock, Panchenko Vladimir