Challenges with Privacy Audit
Personal health information is highly sensitive data protected by strong sector-specific legislation. Yet controlling access to patient records is a major challenge for large healthcare organizations and requires a Privacy Audit Innovation. It is critical that clinicians be able to access records easily in order to provide timely and patient-centered care.
In the complex and dynamic environment of healthcare networks, thousands of employees have access to a huge bulk of patient records across various information systems. Monitoring access to ensure that this privilege is used appropriately is difficult given limited privacy resources.
Mackenzie Health, together with several partner hospitals, sought an automated solution to streamline the process of privacy audits. The Mackenzie Innovation Institute launched a competitive dialogue process for Privacy Auditing Innovation Procurement, with the aim of co-designing an innovative custom solution to this problem.
Through the competitive dialogue process, KI Design collaborated with the Mackenzie Innovation Institute and its partner hospitals to define the desired functions, performance and benefits of an access audit solution. KI Design was selected as the preferred vendor, continued to optimize our proposed solution during a six-month pilot phase, and was awarded a contract with the hospitals participating in the project.
Integrating client input throughout the process, KI Design developed a custom audit solution that uses predictive analytics to detect potential privacy breaches. The explanation-based auditing system we offer uses AI to analyse workflows and identify connections between patients and employees, thus identifying plausible purposes for employees to access patient records. The system flags the 1-2% of accesses without apparent explanation for review by privacy staff.
Our records access audit solution integrates publicly available online data with internal data in order to identify cases of potential non-compliance. The solution scans the open web and publicly available social media for reports of high-profile incidents or individuals, and flags affected patients whose records are at high risk of privacy violations. For example, a news item naming an individual injured in a local car accident would result in a notification to the privacy officer to check for potential snooping into that individual’s medical records. The audit solution can also flag cases in which employees access patient records pertaining to their neighbours, in order to detect potential snooping.
With KI Design’s audit solution, privacy staff at five hospitals review potential incidences of unauthorized access to patient records, which are presented through user-friendly custom dashboards. Privacy staff are able to use their time more efficiently by focusing their attention on the records at highest risk for privacy breaches.
Through the competitive dialogue process, KI Design was able to design a custom solution optimally suited to our clients’ needs, and to establish strong communication. The Mackenzie Innovation Institute continues to build capacity for the adoption of innovative procurement methodologies to create new solutions. KI Design brings this experience in collaborative solution design to all of our projects. We take the time to analyze clients’ unique needs, staff workflows, and policy contexts, and translate these into specifications for customized data monitoring and AI solutions. Open communication enables us to develop creative and innovative solutions for each client’s unique context.