Homerton Hospital takes action to stop staff snooping on patient records

Privacy breach detection software deployed to protect patient information

Homerton University Hospital NHS Foundation Trust has implemented privacy breach detection software to prevent unauthorised staff snooping on patients’ medical records.

The trust has deployed a solution from FairWarning to counter serious data breaches and the improper accessing of Electronic Health Records (EHRs).

The move comes after studies suggested that the greatest threat to patient privacy in the UK comes from NHS staff abusing their legitimate access rights to read electronic records they are not entitled to see, with the number of breaches doubling in the UK over the past four years.

From a regulatory perspective, we are required to have a robust and pro-active system that not only reports breaches, but also prevents them from happening

Matthew Hall, information governance manager at Homerton University Hospital, said the decision to select the solution was motivated chiefly by the need to enhance the trust’s reputation and meet regulatory requirements.

“Primarily we have taken this step so we can demonstrate to the public that we do monitor access to their information, and that patients can have trust in us,” he added.

“From a regulatory perspective, we are required to have a robust and pro-active system that not only reports breaches, but also prevents them from happening. We need to be able to show that we are monitoring access appropriately and effectively. FairWarning will significantly help us to demonstrate that.”

The Data Protection Act is clear that NHS organisations must demonstrate compliance in terms of information security, but this is now being scrutinised and enforced more rigorously. The Information Commissioner’s powers have been increased and the Information Commissioners’ Office is now able to issue fines of up to £500,000 for data security breaches. This is already beginning to happen to NHS trusts.

Electronic healthcare can be a liberating force for NHS professionals, providers and patients, but unless privacy monitoring is built into NHS IT systems at ground level our ability to capitalise on the many benefits of electronic healthcare will be delayed

Hall said: “As the NHS moves further away from paper to electronic health records, it is becoming increasingly important for trusts to demonstrate that they have effective monitoring systems in place. Consequently, the need for solutions will only grow. At Homerton, we can confidently say that information is safe.”

The deployment will also help to deliver operational efficiencies. Hall explained: “Historically when we have been made aware of a potential breach it has fallen on IT to go through the audit trails. This has been an onerous manual process, taking up time and resources. With FairWarning, not only will the amount of investigation work required reduce, but, with such a pro-active, automated system, the speed of reporting will accelerate appreciably.”

Homerton will initially deploy the solution across Cerner Millennium, its electronic patient record system for the acute side of the trust, with a further implementation across the community system, RiO, at a later stage.

Les Baker, UK country manager at FairWarning, said: “Electronic healthcare can be a liberating force for NHS professionals, providers and patients and promises to be a key component in delivering faster, safer and better care. But, unless privacy monitoring is built into NHS IT systems at ground level, the risk of major data breaches will remain – and our ability to capitalise on the many benefits of electronic healthcare will be delayed.”

Companies