Becker’s Hospital Review: Detecting Impermissible Use of Patient Data

,

Veriphyr proactively reports impermissible use of patient information as it happens. 

 

A New Approach for Detecting Impermissible Use of Patient Data

Steve Katz, advisor to the National Health Information Sharing and Analysis Center (NH-ISAC), offers valuable insights on addressing impermissible use of patient data by 3rd parties in his article in Becker’s Hospital Review.

Katz highlights how the impermissible use of patient data at a Florida hospital resulted in a $5.5 million-dollar fine by the US Department of Health and Human Services (HHS).

In addition, Katz points out that detecting impermissible use of patient data is a significant challenge in healthcare.

 

“a worker’s job responsibilities and ‘Permissible/Impermissible Use’ profile can change if they are temporarily redeployed to a different assignment or faced with an emergency.”

– Steve Katz, Advisor for the NH-ISAC

 

Advanced Data Analytics

Katz suggests that recent technical advances in data technology, specifically Structural Analytics, can help companies address impermissible use of patient data, and for a fraction of the cost Wall Street firms paid years ago for data security.

The article concludes that new data analytics enable hospitals to detect and deter patient privacy violations, and thus data theft. This is done by companies like Veriphyr by automatically determining the job duties of each worker, and reporting workers whose access is outside their job duties.

 

“When implemented correctly, this approach can reliably distinguish between ‘Impermissible Use’ and ‘Permissible Use’ even when two workers, in the same department and with identical titles, access the same patient data just once”

– Steve Katz, Advisor for the NH-ISAC

 

About Steve Katz:

Steve Katz is an Advisor to the Board of the NH-ISAC (National Health Information Sharing and Analysis Center). He was a founder of the FS-ISAC, and is currently an executive advisor on privacy and security for Deloitte. Katz has been Chief Information Security Officer for Citigroup, and head of Information Security for JPMorgan. In addition, he helped manage the Information Security program at Kaiser Permanente.

 

Sources:

(a) HIPAA Violations and What Healthcare Can Learn From Financial Services – Becker’s Hospital Review, 03/14/2017

(b) $5.5 million HIPAA settlement shines light on the importance of audit controls – Department of Health and Human services