Helen Blake, Executive Director, HIPAA Privacy and Security Office
Client Profile
The University of Miami Miller School of Medicine is comprised of three hospitals and a clinic system, serving more than 5 million patients in Florida, South America, and the Caribbean. It's a prestigious organization that has earned international acclaim for its advanced patient care capabilities, and for its accomplishments in the field of medical research.
Challenge
Healthcare is targeted by cybercriminals more than any other industry. Nearly every healthcare organization has suffered at least one recent data breach, with many experiencing multiple breaches. But internal threats from employees now represent the single greatest concern for most healthcare organizations. The UM School of Medicine sought help in countering those threats.
Solution
FairWarning Patient Privacy Intelligence and Managed Privacy Services
Results
- Automated reports and trend-based visualization help the team stay on top of user activity in accessing medical records
- Communications and employee education about compliance have been enhanced
Threats From Within Are Now the #1 Concern for Most Healthcare Organizations
The University of Miami Miller School of Medicine is a large, widespread healthcare organization, with 10,000 employees serving more than 5 million patients. Recently, the executive director of the school's HIPAA Privacy and Security office was looking for some help in keeping the organization's EHRs safe.
Overview: The Greatest Danger Comes from Within
We're living in a time of unprecedented danger for healthcare organizations. Technology has provided for the creation, storage, and management of electronic medical records, with capabilities that would have been virtually unimaginable only a few decades earlier. Along with those astounding capabilities come extraordinary risks. Healthcare organizations are now targeted for data theft more than any other industry. According to the Ponemon Institute's Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, nearly 90% of healthcare organizations have suffered data breaches in the past two years. Those breaches cost the industry more than $6 billion. [1]
But despite cybercriminals' increasing focus upon healthcare, the Ponemon study shows that nearly 70% of healthcare organizations are most worried about internal threats. Helen Blake, executive director of UM Miller School of Medicine's HIPAA Privacy and Security Office, certainly agrees. "There's plenty to worry about from all of the sophisticated external threats. But what really keeps me up at night is the internal threat from employees, whether it's an unintentional act of negligence, like losing a laptop, or an employee stealing information for nefarious purposes."
"What really keeps me up at night is the internal threat from employees." Helen Blake, Executive Director, HIPAA Privacy and Security Office
The Challenge: More Employees; More EHRs; More Problem Potential
Miller employs thousands of people to staff its expansive healthcare system. And the system maintains hundreds of thousands of electronic health records. It's a combination that exposes organizations to a new level of risk.
"You need technology to monitor technology."
How do you monitor in a tangible, demonstrable way such a large system that supports several hundred thousand records? That, in a nutshell, was the challenge faced by Helen's team before finding FairWarning. It's a challenge that's shared with countless healthcare organizations globally. And it's a relatively new challenge, one that requires a far more proactive mindset than in times past.
"It's an outdated concept to think that you can just respond to complaints," Helen said. Storing, processing, and moving large volumes of electronic data is a relatively new thing. And the old reactionary compliance mindset should be a thing of the past. Helen noted that HHS is certainly taking proactive compliance very seriously.
Electronic health records represent a massive asset for most healthcare organizations. They are very delicate assets that are quite vulnerable to breach or mishandling at most organizations. "As technology and data become more important to our world, there's no way to monitor it effectively manually," Helen noted. "You need technology to monitor technology." There's a certain amount of integrity that comes with having an objective third-party involved.
Solution: Visualization, Automation, and Third-Party Help
How can healthcare organizations monitor and safeguard the massive amounts of data they're charged with protecting? Visualization and automation are key.
Data Visualization
- One-click reporting
- Easy to read charts
- Multiple chart types
- Add to dashboards
FairWarning provides the ability to visualize data in multiple ways. Spotting trends and monitoring user activity in health records are simple with visually intuitive reports and dashboards. FairWarning's customizable, proactive alerts serve to keep management informed of any issues that should trigger further investigation.
But many healthcare organizations are trying to go it alone. They're attempting to build in-house systems for protecting and managing health records or, even worse, they're attempting to do it all manually. Helen understands that mindset, and even shares it to a degree: "I'm generally not a big believer in hiring consultants. I would rather do things locally, and build our own systems."
So she experienced a little trepidation in getting started with FairWarning. But she recognized that it just didn't make sense to go it alone in managing and monitoring their vast EHR system, even with the considerable resources of an organization as large as the University of Miami. "We have an unbelievably competent IT security team that I absolutely love. But at the end of the day, that's just not the best utilization of our resources, especially when something like FairWarning exists."
The Results: An Organization-Wide Impact
Is a picture really worth a thousand words? If it's the right picture, it's worth all of those words, and even more. Helen has found that FairWarning's visualization capabilities help her team to consistently paint the right picture, enabling much more effective communications: "FairWarning has helped me communicate more effectively with my various teams and with leadership."
Perhaps more importantly, FairWarning's visualizations have made it possible to closely monitor employee activity. High-volume activity reports are used to monitor employees who are accessing health records at unusually high rates, or at accelerating rates. Managers and supervisors shared that the reports are instrumental in identifying and tracking employees who are accessing high volumes of records. The reports also help HR representatives understand employee activities pertinent to investigations.
And the school's HIPAA Privacy and Security Office is spreading the word about FairWarning and compliance protocols organization-wide (and that encompasses quite a large group: 10,000 employees). Helen's team wants to be certain that all employees understand what the team is monitoring, and how they're using FairWarning in the process. "We do a lot of live training sessions with all of our hospitals and departments," Helen explained. "We implement FairWarning into our educational sessions and our training modules, so they can better understand what our office does, and what is required by HHS. We're trying to reach out to all employees about HIPAA and FairWarning."
Ultimately, FairWarning helps to build trust, both internally and externally. "It shows that there is an established process, supported by an established tool, that reflects the organization's intent to handle their electronic health records and patient information responsibly, and with integrity," Helen said.
And that goes a long way toward creating trust within a community and within a regulatory context.
Key benefits that FairWarning provides to the UM Miller School of Medicine team include:
Advanced Visualization Capabilities
How can large healthcare organizations like UM Miller School of Medicine protect the massive volumes of data that patients entrust to them? Visualization. FairWarning's advanced visualization capabilities provide a quick, intuitive interpretation of statistical analysis and user behavior trends. FairWarning's ability to present data visualizations in multiple, customizable chart and report formats ensures that data is presented in ways best suited for each customer. And FairWarning's Managed Privacy Services team can help each customer set up the visualizations that are most effective for their organization.
Statistical Analysis of User Behavior
For many years, FairWarning has provided a library of scenarios and analytics that included capabilities such as sequential medical records access, threshold reporting, and many other important functionalities. Those foundational capabilities have been significantly expanded to include the statistical analysis of user behavior. This expanded functionality provides the ability to:
- Compare a user's behavior over time
- Compare users with their peers
- Analyze and visualize user behavioral trends
Statistical analysis of user behavior can reveal indications that the user has begun to engage in nefarious activities. It can also provide warning that a user's credentials have been compromised through cybercriminal activities such as phishing attacks.
Condensing a 10-Minute Conversation Into a 5-Second Snapshot
The leadership of any large organization is comprised of very busy people. When you get an audience with this group, it's not for long. And you'd better make the most of it. Helen found that FairWarning helped her do just that.
Ease-of-Use Enabling Optimized Workflows
FairWarning recognizes that complexity is the enemy of operational excellence. That's why FairWarning's Patient Privacy Intelligence platform is designed to provide an easy-to-use experience. Advanced capabilities such as customizable user alerts, automated assignment of alerts, and delegated investigation management, assure that FairWarning eases administrative burdens rather than compounding them.
Education and Training Tools
Making the most of any application requires that users are educated about the capabilities of the application, and well-trained in the use of the application.
FairWarning offers a broad range of training and educational tools that include:
- Interactive online instructor-led classes
- On-demand training sessions
- FairWarning's Certified Professionals Training Program
"FairWarning's visualizations help me to communicate more effectively with my teams, and with leadership. I can reduce ten minutes' worth of conversation into an intuitive visual depiction that delivers its message with just a five-minute glance. For us, FairWarning has been a highly effective communication tool."
1. Ponemon Institute. Nearly 90 Percent of Healthcare Organizations Suffer Data Breaches, New Ponemon Study Shows. http://www.ponemon.org/blog/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data (accessed April 13, 2017).
About Miller School of Medicine
The University of Miami Miller School of Medicine is a massive healthcare system. The organization is comprised of three hospitals and a clinic system, serving more than 5 million patients in Florida, South America, and the Caribbean. It's a prestigious organization that has earned international acclaim for its advanced patient care capabilities, and for its accomplishments in the field of medical research.
About FairWarning
FairWarning strives to protect the health, wealth, and personal information for every person on Earth. The company's industry-leading, affordable application security solutions provide data protection and governance for Electronic Health Records (EHRs), Salesforce, Office 365, and hundreds of other applications. FairWarning solutions protect organizations of all sizes against data theft and misuse through real-time and continuous user activity monitoring and improve compliance effectiveness with complex federal and state privacy laws such as HIPAA, PCI, FINRA, SOX, FISMA and EU Data Protection Act. FairWarning catches people stealing your data.
13535 Feather Sound Drive, Suite 600, Clearwater, Florida 33762 USA
For more information, please visit www.fairwarning.com
727-576-6700
Solutions@FairWarning.com
Copyright 2004-2019 FairWarning, Inc. All rights reserved. Various trademarks held by their respective owners.