Using Big Data to Audit Access to Patient Data and Beyond

Published March 11, 2014   |   
Gabriel Perna

Middlesex Hospital, located in Middletown, Conn., is in the anticipation business. And thanks to analytics software, business is starting to get good.

Auditing who is accessing patient data in an electronic health record (EHR) is a requirement for hospitals attesting to Stage 2 of meaningful use under the Health Information Technology for Economic and Clinical Health Act (HITECH). It’s also required under the Health Insurance Portability and Accountability Act (HIPAA). Many organizations, such as Middlesex Hospital, are beginning to invest into data analytics software tools for compliance.

Middlesex, a community hospital with approximately 200 beds, two offsite emergency departments, a family practice, and nine primary care facilities, has always considered technology to be one of the pillars of the company. It has invested in Cerner (Kansas City, Mo.) for an inpatient EHR, eClinicalWorks (Westborough, Mass.) for primary care and multispecialty, and McKesson (San Francisco) for home care. It also has a homegrown system that acts as a health information exchange (HIE) across multiple departments and specialties.

However, with those HITECH and HIPAA regulations around protected health information (PHI) access, those EHR investments are no longer good enough. For the Cerner and the homegrown systems, Middlesex has begun to use an analytics tool from Splunk (San Francisco) that allows them to see who is accessing patient data and consolidate audit logs.

“If you are attesting to Stage 2 of meaningful use, (auditing access to PHI) not a ‘nice to have’ it’s a ‘need to have.’ The requirement is you need to audit all of your systems and it has to be a certified product to do so,” says Richard Schubach, Middlesex Hospital’s director of information technology. “As far as we’re concerned, simplicity is key.”

Read More