UK hospital boosts patient privacy efforts

Officials at the Aintree University Hospital Foundation Trust announced Monday that it is slated to deploy the FairWarning Privacy Breach Detection solution across all of its clinical systems. 

One of England’s most proactive National Health Service (NHS) trusts, Aintree has moved to electronic records for 90 percent of its health records, and officials say the breach detection solution will help secure the trust’s EHRs.

“There is a sea-change in the depth of data that is now being recorded electronically. Previously, most confidential information was on paper, locked in secure storage and well managed,” said Ward Priestman, director of informatics and senior information risk officer at Aintreee. “But now that we’re starting to record an increasing amount of clinical and confidential data on electronic systems, the thinking has got to mature.”

[See also: Data breaches top of mind for IT decision makers.]

Combatting security issues have been a challenge for the NHS, as the number of security breaches involving patient data has doubled in the UK over the past four years. 

“Previously, the only way to address this was either through random audits or in response to a complaint. This was reactive, time-consuming and incredibly difficult to do,” said Priestman. “We needed a proactive, automated system that could tell us when people had been inappropriately accessing records.”

As staff will be aware that the FairWarning system monitors all use of electronic records, officials expect the number of unauthorized access will drop significantly.

“Trusts need to do all that they can to maintain the confidentiality, integrity and availability of their systems to ensure that data is processed in a secure manner. Audit capability has long been an issue with NHS systems,” said Neil Morgan, information security manager at Aintree. “In order to protect our data, we first need to understand how it is being used. What are the risks; what are the exploit vectors? Without a privacy detection solution, it’s almost impossible to identify this. Now that we are implementing FairWarning, we will be able to monitor, identify and respond to what is going on.”

[See also: Security issues can’t be ‘swept under the rug’ .]

Aintree plans to implement the solution across its EHRs, electronic document management system, digital radiology system, ePrescribing system and clinical portal.

“The population is much more demanding now in terms of access to information, and the way technology has evolved means that is only going to increase,” said Priestman. “The whole of the NHS will have an electronic patient record within the next five years. This is exactly why trusts need to be on top of the privacy agenda.”