Homerton University Hospital NHS Foundation Trust has become the latest NHS Trust to select FairWarning Privacy Breach Detection to monitor and protect patient privacy. According to the US software firm it’s to counter data breaches and improper accessing of Electronic Health Records (EHRs).
The US company says that studies suggest that the greatest threat to patient privacy in the UK comes from NHS staff abusing their legitimate access rights to read electronic records they are not entitled to see.
Matthew Hall, Information Governance Manager at Homerton University Hospital, said the decision was motivated by a combination of factors – chiefly the need to enhance its reputation and to meet regulatory requirements. “Primarily we have taken this step so that we can demonstrate to the public that we do monitor access to their information, and that patients can have trust in us,” he said.
“From a regulatory perspective, we are required to have a robust and proactive system that not only reports breaches but also prevents them from happening. We need to be able to show that we are monitoring access appropriately and effectively. FairWarning will significantly help us to demonstrate that.”
The Data Protection Act (DPA) has always been clear that NHS organisations must demonstrate compliance in terms of information security. The Information Commissioner’s powers have been increased and the ICO is now able to issue fines of up to half a million pounds for data security breaches. This is already beginning to happen – to local authorities, also to NHS Trusts.
“As the NHS moves further away from paper to electronic health records, it is becoming increasingly important for Trusts to demonstrate that they have effective monitoring systems in place. Consequently, the need for solutions such as those provided by FairWarning will only grow. At Homerton, we can confidently say that information is safe,” said Matthew Hall.
He added: “Historically when we have been made aware of a potential breach it has fallen on IT to go through the audit trails. This has been an onerous manual process – taking up time and resources. With FairWarning, not only will the amount of investigation work required reduce, but, with such a proactive, automated system, the speed of reporting will accelerate appreciably.”
Homerton will initially deploy the product across Cerner Millennium, its EPR system for the acute side of the Trust – with a further implementation across the community EPR system, RiO, later.
Les Baker, UK Country Manager of FairWarning, Inc, said: “This is another example of an innovative, forward-thinking Trust recognising the necessity to protect patient privacy. We are hopeful that what they achieve through this deployment will encourage others to follow their lead. Electronic healthcare can be a liberating force for NHS professionals, providers and patients and promises to be a key component in delivering faster, safer and better care. But unless privacy monitoring is built into NHS IT systems at ground level, the risk of major data breaches will remain – and our ability to capitalise on the many benefits of electronic healthcare will be delayed.”
