Cedars-Sinai in Los Angeles, one of the most visible U.S. hospitals and research institutions, is adding to its data security strategy through the adoption of Bottomline's Healthcare Privacy and Data Security solution.
The solution aims to keep pace with evolving threats to privacy and to help hospitals maintain compliance with HIPAA and HITECH. It does so by providing a way to monitor and analyze user behavior across multiple systems and applications, the company says, so that malicious or negligent activity can be identified as it occurs. It aims to uncover outsiders posing as internal employees, employee misconduct, or unintentional misuse that could put patient data at risk.
Going live with HealthKit
The announcement comes on the heels of Cedars-Sinai's integration of its Epic electronic health records system with Apple's HealthKit, another notable project that went live this month. Some of the hospital's IT goals involved in using HealthKit have been to free-up developers to work on additional projects such as analytics, and to put patients in control of the data they provide to caregivers in order to improve compliance with federal EHR directives.
Following what has been touted as the largest HealthKit integration yet, Cedars-Sinai will have more data than ever to protect, and that is where its new data security solution comes in.
The hospital notes that its privacy and compliance experts will now have specific tools and analytics at their disposal through Bottomline, including screen-by-screen replay of users' activity, which could serve as evidence in an investigation.
In addition, the solution serves as a deterrent to malicious activity by acting as a sort of digital surveillance camera.
"After an extensive review, we selected Bottomline's Healthcare Privacy and Data Security solution because it is the only one that non-invasively monitors user behavior across networks and applications in real time, while minimizing the incidence of false positives," Darren Dworkin, Chief Information Officer of Cedars-Sinai, said in a prepared statement.
He notes that log file data only provides a partial picture of user behavior and that it's time-consuming to analyze. "To enhance protection of patient data, healthcare organizations must have the best technology solutions in place to detect and stop suspicious behavior in real time, before an incident occurs," he says. "The Bottomline Healthcare Privacy and Data Security solution offers unique capabilities for a previously unaddressed aspect of patient privacy."
Patient-driven privacy
Dworkin has been noted in the media to take a stance on both security and data sharing in which patients lead the way. When he spoke at last fall's annual Safeguarding Health Information conference in D.C., Dworkin told attendees that patient expectation, rather then healthcare regulations, would drive patient data security and that the issue would become whether "their expectations have been met."
More recently, Dworkin echoed similar sentiments when discussing how Cedars-Sinai plans to use HealthKit. "It will be directed by patient activity," Dworkin told Health Data Management. "If we see lots of patients uploading weight information, we’re going to jump into that and perhaps build some clinical program around it. We're going to follow the patients."