Case Study: Baptist Health Care achieves comprehensive patient privacy monitoring and streamlined HIPAA compliance with FairWarning

FairWarning® Patient Privacy Monitoring at Baptist Health Care

Baptist Health Care, a community-owned, not-for-profit system with four hospitals and more than 6,000 employees, faced a growing privacy compliance problem: it was running over 200 disparate EHRs and clinical applications but could not produce comprehensive, usable audit logs to meet HIPAA requirements or respond to patient concerns about who had accessed records. Few applications provided audit data, vendors were slow to enable logging, and the Privacy office lacked a way to consolidate and investigate access across systems.

In mid-2011 Baptist implemented FairWarning® patient privacy monitoring, working with McKesson through FairWarning’s Ready for Healthcare Applications program. They standardized user IDs using Lawson HR data, ingested audit logs from NextGen and HealthQuest, and used appended HR attributes to filter alerts and reduce false positives. The system now delivers daily, actionable alerts for incidents such as self-examination, employee-as-patient snooping and VIP snooping, has raised staff awareness of privacy, and will be extended to monitor data across a regional HIE.

Baptist Health Care

Jim Donaldson

Director, Corporate Compliance