Top Children's Hospital Leaves Legacy Privacy Monitoring in the Past
by Protenus on September 29, 2021
Protecting pediatric patients' privacy is an undertaking as complex as it is critical.
First, child patients are vulnerable to identity theft, as criminals target victims who they can exploit for decades to come. Pediatric patients' privacy may also be breached by individuals personally close to them, whether that's a relative working at the hospital where they're receiving treatment, or staff members who have grown attached throughout the course of the child's care.
In addition, the medical conditions of child patients often require interaction with several different specialists and departments, generating a large volume of data to monitor, and making privacy violations trickier to detect than those affecting adult patients.
Download the latest case study on how Protenus is helping the nation's top children's hospitals minimize organizational risk.
Protecting pediatric patients' privacy in the face of these obstacles is an uphill battle — and one that large institutions relying on outdated, inefficient, and incomplete monitoring systems, risk losing. Losing could mean fines, lawsuits, a tarnished reputation, and worst of all, harm to the very patients healthcare organizations are trying to protect.
Seattle Children's Hospital, an 8,000-employee entity operating across four states, is one large institution that recognized the urgent need for risk mitigation as data volumes and complexity increases. The system's compliance department decided to forge a valuable partnership with Protenus after cycling through two legacy patient privacy monitoring tools that failed to make their jobs all that much easier.
Bogged down by legacy limitations
The first prior solution did not integrate with sufficient data feeds to cover all areas of risk for the organization. Compliance experts were unable to check an access against an employee's HR credentials within the tool, so to use this kind of information in determining whether a violation occurred, investigators had to hunt for it on their own by tediously navigating multiple discrete systems.
With a different tool, the compliance team was able to integrate the data feeds needed for case investigations, but lacked automation for repetitive tasks. This solution surfaced complex cases without all necessary information readily available, so investigators were still spending a significant amount of time on manual data collection and exports in order to make a determination on each case.
A single case review consumed anywhere from 30 to 40 minutes of an investigator's time when relying on outdated technology, so only a tiny fraction of the thousands of cases being generated across the hospital system could reasonably be reviewed. The investigators did the best they could with their legacy tool despite its limitations. To cover as much organizational risk as possible, several full-time equivalents spent a majority of their time reviewing cases, while other high-value priorities had to wait.
Ultimately, it became too risky to continue this resource-intensive approach to patient privacy monitoring.
Racing ahead with swift, accurate reviews
By implementing Protenus Patient Privacy Monitoring, the Seattle Children's compliance department did away with hunting down case context, manually creating reports, and otherwise plodding through reviews.
The automation and artificial intelligence powering Protenus makes it possible for audits to be performed by just one FTE on the team, giving other compliance professionals much more bandwidth to tackle other priorities. Additionally, with analytics continuously refined through machine learning, Protenus enables Seattle Children's to accurately detect appropriate versus inappropriate accesses to patient records 90 percent of the time.
”With Protenus, we can have one person monitoring an unlimited number of cases,'' said Chris Liles, Privacy Analyst at Seattle Children's Hospital. "That person is able to quickly get through cases because all the information is in one place."
When Protenus surfaces a potential infraction to the compliance expert, they have at their fingertips all the necessary context to investigate and resolve the case swiftly. The team spends significantly less time investigating events that turn out to be false positives.
All in all, within one year of activating its compliance team on the Protenus platform, Seattle Children's recorded a time savings of nearly 70 percent, reducing the average case-review duration to between 5 and 15 minutes.
Providing critical coverage
Although its pediatric patient population poses unique privacy challenges, with Protenus, the compliance team at Seattle Children's is confident that its monitoring solution provides complete coverage around the clock. Compliance experts have exactly the information they need in a timely, scalable manner, allowing them to zip through case reviews faster and more efficiently than ever before.
The strides that the Seattle Children's made by partnering with Protenus are anything but isolated. In committing to continuous product refinement and working with some of the most prestigious children's hospitals in the country, we have an undeniable track record of helping children's hospitals succeed in their critical compliance functions. For large organizations facing similar challenges, Protenus is well worth the switch from outdated legacy tools.
For insight into how our customers are proactively protecting the privacy of vulnerable pediatric patients, download the Seattle Children's case study.