Case Study: UPMC achieves streamlined enterprise patient privacy monitoring and ARRA-HITECH compliance with FairWarning

Creating an Optimal Privacy Program: Combining Patient Privacy Monitoring & Identity Management

UPMC, a large, multi-hospital health system on the U.S. News “Honor Roll,” faced slow, resource-intensive privacy investigations because access logs lived in many disparate clinical systems. Facility Privacy Officers and IT staff often spent weeks pulling system-by-system reports, creating delays and compliance risk as regulatory requirements tightened under ARRA‑HITECH.

UPMC implemented FairWarning Patient Privacy Monitoring integrated with its enterprise Identity Management system to centralize, deduplicate and present audit logs to managers and Privacy Officers. Rolled out in phases, the solution now aggregates logs from 40+ applications (with plans for 100), supports delegated incident review, averages 300 weekly users, and has reduced investigation time and incidents while improving ARRA‑HITECH/HIPAA compliance and reporting.

UPMC

John Houston

Vice President Privacy, Security Officer