Published on June 18, 2007
Access ProfilerProtecting Patient Confidentiality: Access Profiler Protecting Patient Confidentiality by EMRConnect.com Contact Information: Contact Information This document contains proprietary information of EMRConnect.com and TNT Systems. Publication, disclosure, copying, or distribution of this document or any of its contents is prohibited, unless consent has been obtained from EMRConnect.com. Direct any comments or questions about this document to: Larry Trach EMRConnect.com 1601 Ocean Drive South #1006 Jacksonville Beach, FL 32250 800-817-1258 [email protected] Background: Background Access Profiler was developed in 1998 and deployed at Emory Hospital in 1999. The first 3 releases were Cerner specific. The current release is a vendor independent application running on SQLServer. Access Profiler is built using multi-source data warehousing principles which can load, reconcile, and profile user’s access of patient information from any number of source systems. Mayo Clinic of Jacksonville is the reference site for the latest release. There is not another product available that has the features, functions, and usability of Access Profiler. Users have described the application as 'Awesome'. Access Profiler has been developed for the Healthcare environment, but its methods and algorithms are applicable to any industry where users have access to people’s confidential information. The Problem: The Problem How do you fairly and efficiently monitor millions of access events per year and easily identify user activity that is inappropriate based on HIPAA requirements, institutional guidelines, and state privacy laws? In a typical application, each 1,000 users will generate approximately 20,000 interactions with patients per day. Without sophisticated algorithms, finding the inappropriate behavior is like searching for a needle in a haystack. Based on customer experience, we have found that 10 to 20% of users are in violation of privacy regulations and practices. Lawsuits are rising and attorneys are starting to plant patients in order to probe compliancy of institutions. Plaintiffs have won more than $111 million in settlements or judgments against companies in 110 separately reported privacy cases against 92 corporate defendants in 2002. (OCTOBER 07, 2003 COMPUTERWORLD) States are developing their own laws. This will make compliance increasingly important. The Problem: The Problem Patient data is spread over disparate applications that do not have a common mechanism for monitoring user access. A site with many disparate systems is not uncommon. e.g. Cerner, IDX, Apollo, Kscope, RIMS, GE PACS, Qreads, SIRS, Clinical Notes, Mycis, Pyxis, Dictation Systems, etc. Access Profiler provides the ability to collect, profile, and monitor user activity from any number of disparate source systems. The Backend: The Backend Access events and related information are periodically extracted from each source system using a database connection or load files at a user specified interval. Data from each source is reconciled to a common data warehouse. 12 different algorithms are applied to each event and indicators are set if it is determined that inappropriate activity may have occurred. Categories include: Access of your own record. Access against patients that have a family or financial relationship to the user. Access against patients that live at the same address. Access against coworkers and VIP patients. Access of patients on a 'watch list'. Access to patients or encounters outside the scope of a user’s discipline or job requirements. Access against patients with the same last name. Spikes in activity surrounding the date of death. User defined algorithms. Hack attempts, compromised accounts, password sharing, and others. Statistics are summarized for each user and are used as a starting point to review and identify inappropriate activity. Slide7: Data Flow Diagram for Access Profiler The Front End: The Front End An interactive web-based application provides functions for querying users and patients at a summary level. Users can be sorted and filtered based on a range of attributes or the type of activity. Progressive drill-down pages allow the security officer to see the underlying detail and the context of the activity. Work-flow functions support the documentation and reporting of findings. Appropriate user / patient activity can be excluded from future reviews, so that the same issue is not escalated again. Statistics are available to trend the volumes of each type of activity and the number of detected and reported breaches by period. The Front End: The Front End The next 3 slides are a sample of pages from the web-based client. Slide 1 is the User Summary that shows a one line rollup of user activity against all patients with totals for each indicator and percentages of coworker and VIP activity. Slide 2 is the first level of drill-down. This shows summaries of activity for each patient accessed for the selected time period. Slide 3 is the next level of drill-down. This shows individual access events for a given user/patient pair and time period. Any derived indicators are indicated with a 'Y'. Issues can be documented at the event level, patient-user level, or the user level. Visit summaries and prior documentation are displayed. The same drill-downs are available by patient. Slide10: The 'User Access Summary' page provides a one line per user summary for each user based on the selection and sort criteria. Totals for all patient access, coworker activity, VIP activity, and indicator summaries give the security officer clues about where inappropriate activity may be occurring. Slide11: The 'User Access Detail' page repeats the user totals, both current and life-time, and then displays a one line summary for each patient accessed during the requested time. For example, Patient ID 3179 was access 3 times between 12/16/2005 and 12/19/2005 and is a coworker. Cowoker Indicator Totals since last review date Life-time totals Slide12: On the 'User/Patient Access Detail' page the user and patient level summaries are repeated. In the 3rd section, individual access events are displayed for the time period selected. The summary encounter information in the 4th section helps the security officer qualify the reasonableness of the activity. Events are color coded to indicate if the activity is in or outside the scope of a visit. 3 4 The Front End: The Front End All information necessary to triage and qualify user activity is instantly available to the security officer. The security officer can do in seconds what would normally take hours or days without Access Profiler. The user and their related activity can be annotated and then marked as 'Follow-up' or 'Reviewed'. The 'Follow-up' function helps the security officer to return to the list of users currently being researched. Marking the user as 'Reviewed' resets the current totals so they will not be escalated as an exception unless they do something inappropriate in the future. Conclusion: Conclusion Your security officer can review in seconds what would normally take hours or days. Outcomes can be used as part of the ongoing training and increasing security awareness. Do replicate the monitoring capabilities of Access Profiler would take 10 FTEs. Access Profiler is the best option for protecting your patients confidentiality. Our plug and play interfaces can have you up and running in days.