Patient Privacy Monitoring 2021
Many High-Performing Options for Keeping Records Safe

Decision Insights: Maize Analytics
Organizations making new purchases are interested in Maize Analytics because of functionality, cost, the vendor’s reputation, and the pre-sales experience; organizations view the cost as lower given the AI and machine learning capabilities Maize offers. Organizations who considered Maize but ultimately did not choose them often cite a less user-friendly product experience.

Decision Insights: Protenus 
Prospective Protenus customers gravitate to the solution largely based on its technology and functionality. Respondents feel the platform offers deeper or more advanced features than other options, specifically mentioning the AI and machine learning. These organizations say they prefer the Protenus user experience, calling it intuitive and user friendly. Organizations who considered but did not choose Protenus most often cite cost and some missteps with references (e.g., they were given references to organizations with a different EMR). Some prospective clients mention cost concerns, though current customers rate Protenus high for money’s worth.

iatricSystems, a long-standing industry player, has a significant presence in small to midsize organizations, many of whom are MEDITECH users. iatricSystems benefits from existing relationships—4 of the 5 organizations who chose the vendor did so because iatricSystems was an incumbent vendor, either with old patient privacy products or other solutions. Current customers report smooth upgrades and responsive support, though some would like the support to be more proactive. Some also specifically note a poorer experience since recent M&A activity (2018 acquisition by Harris Healthcare, 2019 acquisition of Haystack Informatics). Several respondents see iatricSystems as less progressive than other vendors in the space; organizations replacing Security Audit Manager cite functionality and technology as their primary reasons. Some current customers express hope for the potential benefits of the Haystack platform.

Solid Options Abound Regardless of Current EMR Vendor; Experiences Vary for Epic & MEDITECH Organizations Using Imprivata (FairWarning)

One critical consideration for provider organizations looking for a privacy monitoring solution is the vendor’s ability to seamlessly access records from the organization’s EMR, the home of most data being analyzed.

Organizations using Cerner’s EMR often use other Cerner HIT applications, including Cerner P2 Sentinel, which has historically generated low satisfaction; KLAS has validated a few organizations live on the vendor’s new version, which has shown early indications of improved performance. Those looking beyond P2 Sentinel have several good options: Imprivata (FairWarning), Maize Analytics, or Protenus all receive high ratings from Cerner users.

Organizations using Epic tend to find a high level of success with Maize Analytics and Protenus. Imprivata (FairWarning) customers using Epic report mostly positive experiences. Some customers mention challenges with how long it takes for the Epic log to be ingested into the FairWarning solution, and some also say Epic audit trails aren’t robust enough for clients’ patient privacy monitoring needs.

A large portion of iatricSystems’ customer base is small to midsize hospitals using MEDITECH, and they have found success with that focus. Imprivata (FairWarning) customers who use MEDITECH report challenges ingesting the EMR data and insufficient detail in the audit trails.

Cerner^†

Less frequently considered solution. Target base for P2 Sentinel has been Cerner EMR clients, though Cerner reports plans to sell to non-Cerner organizations. Customers currently being migrated to the newest version, which reportedly has machine learning capabilities. Early perceptions of newer version are positive; as more customers go live, KLAS intends to report on their experience. Customer satisfaction with the older version has been low for some time. All new wins are current Cerner customers. Those replacing Cerner are often looking for more feature-rich solutions from third-party vendors.

“We are in the process of switching to Cerner’s P2 Sentinel. One of the reasons we are switching is that the electronic prescribing of controlled substances is completely certified in Cerner’s tool. Cerner also knows their audit data and can generate a lot of reports for us. They have all of the reports written. They know the Cerner audit data coming in, so it is easy for them to generate a lot of the things that we would have to build manually if we worked with a different vendor.” —IT director

“One of the issues with P2 Sentinel is that we are really relying on people. The things we can identify as privacy issues, like inappropriate access to medical records, are driven by consumer complaints. We could run reports for access and try to do the data analysis to figure out whether there is an issue somewhere, but there is so much information. In this day and age, what we are really looking for is some kind of machine learning or AI that can look at hundreds of different data points and help us identify without human intervention whether we have problems in our medical records with inappropriate access. We want to do our best to protect our patients’ information.” —Compliance/privacy manager

iatricSystems

Established vendor in the space; acquired Haystack Informatics in early 2019. Predominately used by small to midsize organizations, most of whom use MEDITECH’s EMR. Some organizations optimistic about Haystack’s technology. Customers replace iatricSystems because technology and functionality are seen as less advanced than other options. New decisions for iatricSystems predominately occur where they are the incumbent vendor for old patient privacy products or other solutions.

“The draw of using Haystack was the AI functions. iatricSystems allows auditing. They have streamlined their product. They also work with one of our third-party systems, so everything ties together. That was one of their selling points. Ultimately, we decided to go with this solution because we were already using iatricSystems’ product, and they were essentially offering an upgrade for nothing. We were just shopping around to see whether there were other opportunities out there that would supersede iatricSystems’ product.” —IT manager

“The vendor showed us what their reporting would look like. We quickly determined that the solution wasn’t going to work for us. The vendor had an okay system, but it wasn’t nearly as evolved or developed as what we saw from other vendors.” —Privacy director

Imprivata (FairWarning)

FairWarning’s brand has longevity and name recognition in the industry. Recently acquired by Imprivata. Prospective customers gravitate to FairWarning due to peer evangelism or references. Some believe FairWarning’s technology is not equal to that of newer market entrants. Cost is a concern for those that have replaced the solution. Customers can choose whether to use managed privacy services (MPS). Those who do so often report higher satisfaction than those who don’t.

“Some hospital organizations near us used FairWarning’s system, so we got some insights from them, and they were fairly happy with the system. That helped our decision. There were a couple of other vendors we looked at, but their systems didn’t have the same capabilities that we were looking for. FairWarning’s system was specific to our EMR, and we were looking for it to work with our HR software to give us certain reporting capabilities. We wanted the system to interact with our employees and to know who the guarantor of the patient was so that we could be alerted when records were accessed. We wanted the system to provide us with information when the access was inconsistent with our employees’ job duties, addresses, and more. We wanted the system to know what site people worked at, what their job duties were, how often they would interact with a chart, and whether that was consistent with their roles. We were looking for some detailed reporting. Our issue was with employees accessing information that shouldn’t have been accessed.” —HIM director

“False positives with the system are much more prevalent than what we generally have experienced with another system. We want to use a product that is stronger with AI.” —Senior corporate council

Intruno

Focuses on large ambulatory practices and small hospitals. The few organizations that selected them cited a strong, usable product. Those that ultimately selected another vendor recognized strong leadership within Intruno but had concerns with vendor stability and viability.

“The system’s features were amenable to our work environment and our organized structure. We mostly do clinical research. Another driving factor was the ability to modify the system to be able to fit our process flow. The system is user friendly. We set filters for monitoring, but I really liked the ability to utilize the system as a tool to track and maintain investigations and develop specific categories that fit within our organization.” —Compliance director

“We looked at Intruno’s system, but it was a lot like the system we were already on. The person that built it is really bright. The system is in the cloud. It worked a lot better and had more analytics than our previous system, but I was looking for something a little stiffer.” —Privacy manager

Maize Analytics

2021 Best in KLAS winner. Continues to be a top performer and is growing fast, particularly among midsize hospitals. Recognized for great service and support and good technology. New decisions are driven by Maize’s reputation and pre-sales experience, functionality, and lower price point. While no organizations have validated replacing Maize, those that considered them but did not select them often cite user experience as being better with the other solution they chose (most often Protenus). Acquired in May 2021 by SecureLink.

“For the most part we are now on Maize Privacy Solution. We went through a formal RFP and narrowed our decision down to a couple of products. Maize Analytics had expertise with our EMR; they had people that worked for our EMR vendor that were now working at Maize Analytics. Our EMR is somewhat problematic in terms of trying to get things to work, so knowing someone that knows our EMR inside and out is great. Having a client that is flexible and is in several other hospitals is the best thing in the world. That is what really won us over on Maize Analytics. They were really responsive and flexible. We would buy the product again if we had the choice.” —Chief compliance officer

“We queried other health systems of our size as we were making our decision, and Maize Analytics was one of the names that kept popping up. We did demos with them, but in the end, we chose to go with another vendor with a more user-friendly product and more advanced machine learning.” —Privacy officer

Protenus

Consistently scores in the mid to high 90s. Rapidly growing. Has a track record of high customer satisfaction, with customers specifically highlighting the quality service and strong product capabilities. Protenus serves some very large organizations. Customers point to user experience as both a current satisfier and a reason for selecting Protenus. AI and machine learning capabilities are decision drivers as well. Organizations that consider but don’t select Protenus often cite cost as contributing factor.

“We chose Protenus because even though the cost was a little higher than other vendors’, we were able to keep the investigation piece in-house rather than farm it outside to the software company. Protenus also seemed to have the AI machine learning much further developed than any other vendor we looked at who even had that as a feature of their product. We didn’t want the system to identify; we wanted it to be able to weed out accesses that were most likely appropriate. We don’t want to look at those, and that is where machine learning and AI come in. The user interface was also really intuitive and visual, and it didn’t take rocket science to figure out where to click and go. We are able to pick and choose case types that we want to investigate. We had been using a homegrown solution to manage all our work products specific to HIPAA violations that are not related to inappropriate access. Protenus was looking into developing a case management module for those cases at the time. That was a big thing because then we could retire our homegrown system.” —Privacy officer

“Protenus’ system had the features and functionality that we wanted. We were especially excited by the system’s ability to scan local media names that could be included when looking for violations. However, the system cost more than the other system we looked at. We were disappointed not to be able to go with Protenus’ system.” —Compliance officer

Veriphyr

Offers machine learning–based platform that as of today is not on many provider organizations’ radars. Was rarely considered in new decisions validated as part of this study. KLAS has interviewed a few current customers, though the sample is too small for performance feedback to be shared.

What Does “Limited Data” Mean?

Some products are used in only a small number of facilities, some vendors are resistant to providing client lists, and some respondents choose not to answer particular questions. Thus a vendor’s sample size may vary from question to question and may not reach KLAS’ required threshold of 15 unique respondents. When a vendor’s sample size for a particular question is less than 15, the score for that question is marked with an asterisk (*) or otherwise designated as “limited data.” If the sample size is less than 6, no score is shown. Note that when a vendor has a low number of reporting sites, the possibility exists for KLAS scores to change significantly as new surveys are collected.

Overall scores are measured on a 100-point scale and represent the weighted average of several yes/no questions as well as other questions scored on a 9-point scale.