How Compliance Analytics Protects Patient Privacy During COVID-19


Post By: Nick Culbertson, Co-Founder and CEO, Protenus

Since the start of the pandemic last winter, it has been a challenge not to feel overwhelmed by the novel coronavirus and the many challenges it has presented across the entire healthcare industry. Furthermore, the surge in attacks on hospitals and healthcare organizations, including academic medical centers engaged in research to find vaccines and treatments, is as alarming as it is disheartening. The U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency and the FBI, along with their British counterparts, have warned about increased attacks on healthcare organizations and research institutions.

In short, the global crisis has not kept bad actors from continuing to use patient data for personal gain. In addition, the unique nature of the coronavirus may lead to an increase in so-called “snooping” by hospital staff, who are anxious to know whether they have been exposed to a sick neighbor or colleague—or, even worse, who may just want to sell information about a patient in the media, someone who is a local or national figure.

Despite this, the industry can still keep such bad actors from taking advantage of the organizations working so hard to keep everyone safe and healthy. Those of us who work on the leading edge of compliance analytics know that we can stop those who would use this moment to their advantage by breaching hospital and healthcare organizations’ information systems for personal or financial gain. Compliance analytics leverage the force of artificial intelligence to audit tens of millions of healthcare data accesses, detecting anomalies—such as breaches—before they become full-blown crises for an organization. In a time when it’s increasingly important for hospitals to protect their patients, preventing personal information from being leaked or compromised is as important as ever.

A single data breach can cost a hospital more than $3 million, along with the lasting cost to the organization’s reputation. Last year, Protenus’ Breach Barometer reported that the number of breaches has increased every year between 2016 and 2019 (from 450 to 572); the number of affected patient records has also increased (from 27.3M to 41.4M). Preliminary data shows that this number will drastically increase in 2020, possibly due to increased threats related to the ongoing pandemic.

Compliance analytics combine AI, machine learning, and experts in compliance, to monitor for suspicious activity in the EHR and ancillary systems, such as time-and-attendance software (e.g., ADP, Kronos) and human resources, to prevent data breaches from occurring in health systems across the country. When integrated into one stream, this data can provide a thorough picture of how workforce members engage with patient data and distinguish appropriate from inappropriate behavior. Suspicious cases are sent to privacy or compliance teams for review and resolution.
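To make the idea of one integrated stream concrete, the following added example (not code from the article or from any vendor product) joins an EHR audit log with time-and-attendance and HR records and attaches a plain-language reason to each access sent for review. All names, records and rules are constructed, and "same department as the treating department" is an assumed stand-in for a care relationship.

```python
# All records below are constructed sample data, not from the article.
SHIFTS = {  # time-and-attendance export: user -> [(clock_in, clock_out)]
    "rn_adams": [("2020-06-01T07:00", "2020-06-01T19:00")],
    "reg_baker": [("2020-06-01T08:00", "2020-06-01T16:00")],
}
HR = {  # HR roster: user -> (department, home address)
    "rn_adams": ("ICU", "12 Elm St"),
    "reg_baker": ("Registration", "40 Oak Ave"),
}
PATIENTS = {  # patient -> (employee id or None, home address, treating dept)
    "p100": (None, "14 Elm St", "Oncology"),
    "p200": ("reg_baker", "40 Oak Ave", "ICU"),
    "p300": (None, "9 Pine Rd", "ICU"),
    "p400": ("rn_adams", "12 Elm St", "Oncology"),
}
ACCESSES = [  # EHR audit log: (timestamp, user, patient)
    ("2020-06-01T09:15", "rn_adams", "p300"),
    ("2020-06-01T23:40", "rn_adams", "p300"),
    ("2020-06-01T10:05", "rn_adams", "p100"),
    ("2020-06-01T11:30", "rn_adams", "p200"),
    ("2020-06-01T17:10", "reg_baker", "p400"),
]

def on_shift(user, ts):
    # ISO-8601 strings in one fixed format sort chronologically.
    return any(start <= ts <= end for start, end in SHIFTS.get(user, []))

def street(address):
    return " ".join(address.split()[1:]).lower()  # drop the house number

def reasons_for(ts, user, patient):
    dept, home = HR[user]
    employee_id, patient_home, treating_dept = PATIENTS[patient]
    reasons = []
    if not on_shift(user, ts):
        reasons.append("access outside recorded shift")
    if dept != treating_dept:  # assumed proxy for "no care relationship"
        if employee_id and employee_id != user:
            reasons.append("patient is a coworker")
        if street(home) == street(patient_home):
            reasons.append("patient lives on the user's street")
    return reasons

def review_queue(accesses=ACCESSES):
    queue = [(ts, u, p, reasons_for(ts, u, p)) for ts, u, p in accesses]
    return [row for row in queue if row[3]]  # keep only flagged accesses

if __name__ == "__main__":
    print(*review_queue(), sep="\n")
```

The 11:30 access to a coworker's record is not queued because the nurse's department is treating that patient, which is the kind of context that keeps a coworker rule from flooding reviewers with false positives.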

This process has several advantages over legacy programs, which often rely on older or outdated models, including paper-based reports and logs that must be analyzed line-by-line by highly skilled staff whose talents are so desperately needed elsewhere at this time. Such legacy models are prone to labor- and time-intensive investigations that generate false positives, a situation that drains resources as well as staff morale.

Efficiency is one of the benefits compliance analytics has to offer, given that it does much of the analytical work for the privacy or compliance team, providing natural language reporting that details exactly why an alert has been generated for review and investigation. At a time when organizations are forced to make difficult financial decisions and to do ever more with even less, such advancements are a way to centralize compliance programs that are often spread out among disparate locations and teams. Compliance analytics provides a centralized compliance system, auditing entire systems at scale to ensure threats are not left lurking below the surface.

Responding to the coronavirus demands that each organization find innovative solutions to its most complex challenges so that it can deliver essential care and services to its most vulnerable patients. With the increased demand in healthcare due to the coronavirus pandemic, compliance analytics provides the ability to reduce risk across the organization, by preventing threats to patient privacy during a time when compliance teams are often being reassigned to patient triage or other care units within the organization. Compliance analytics allows privacy and compliance teams to focus their attention on ever-changing priorities during the pandemic without worrying about undetected threats to the organization. By delivering a 21st century compliance analytics program, healthcare organizations ensure that they continue to meet all HHS Office of Civil Rights regulations while delivering patients the best care possible.