Vendors team to try to reduce patient data snooping

Two health IT vendors are developing a service to enable providers to establish and maintain an effective privacy monitoring program.

CynergisTek is a cybersecurity and information management consultancy with expertise in the optimization of privacy programs and its partner, Protenus, offers technology to monitor health professionals’ behaviors using analytical and artificial intelligence technologies.

Key to their efforts are enabling providers to better monitor their staffs.

Most healthcare providers, staffers and other persons who have access to medical records strive to protect the privacy of patients, but there are those who will go snooping in a record they should not be accessing or are in a location that is inappropriate for the work they are supposed to be doing.

“We’ve been involved in patient monitoring for years, but it’s the behavioral analytics that are becoming important to learn what users are doing in information systems,” says Mac McMillan, President and CEO at CynergisTek. “Protenus analyzes activity in the network to pick up data to correlate who this person is and what they are doing.”

Mac_v2.jpg

Also See: Feds fine hospital that didn’t cut data access to former employee

According to the Protenus Breach Barometer, which gives quarterly snapshots of disclosed breaches, insider incidents accounted for 23 percent of data breaches that occurred in healthcare systems during the third quarter of 2018.

“As health systems face mounting challenges in creating and maintaining robust patient privacy monitoring programs, we identified a need to partner with a company offering complementary services so health systems can act on the insights uncovered by our analytics,” says Nick Culbertson, CEO and co-founder at Protenus. “We are confident that combining our technology with CynergisTek’s know-how will push the industry forward when it comes to making patient privacy a priority.”

Protenus’ analytics engine can show if a clinician is looking at a patient record and actually providing care, or is just snooping in the record. Smaller organizations can use the same monitoring technology as larger ones, which frees privacy security analysts to not have to monitor and have the time to dig deeper and be more accurate in their analyses of whether or not people are doing legitimate work, McMillan explains.

“This tool enables you get deeper levels on what a user is doing and be proactive to recognize behaviors quicker,” he adds.

For reprint and licensing requests for this article, click here.