A new software tool is helping to further protect patient privacy.
In February, Nebraska Medicine and UNMC implemented a new tool, Protenus. Protenus is an industry leader in patient privacy monitoring and leverages artificial intelligence and advanced analytics to monitor activity in One Chart/Epic and to report suspicious activity to privacy office staff for further investigation.
“Patients trust us to protect their health information, and we should never let them down by inappropriately accessing or using their information. We take privacy seriously and appreciate your commitment to protecting our patients,” said Anna Cramer, JD, chief legal and compliance officer, and chief people officer for Nebraska Medicine.
Case types routinely reported by Protenus include questionable access to coworkers, family members, neighbors, repeat offenders (users who have previously improperly accessed a record), self-access, VIP (such as individuals who have been flagged as being in the news), department mismatch (users who access patients who are not seen in their assigned clinical area) and suspicious activity. The functionality of this tool allows the privacy team to review more activity since much of the assessment already is provided by Protenus. Below are excerpts from alerts sent to the privacy team:
- This user is a potential family member of the patient.
- This user’s name is the same as one of the patient’s contacts.
- This user and the patient have the same last name.
- This user has the same address as the patient.
- The user accessed one potential family member on this day.
- This user searched for this patient by their name.
- The user department is different than the departments where the patient was seen.
- This user has never charted in, nor submitted orders, for this patient.
- This user spent up to 56 seconds in this patient’s record.
- This user performed 11 VIEW actions in this patient’s record.
As a reminder, any access to any part of a patient record – whether the identity screen (see an example below), lab results, Snapshot, unit or facility access, or anything else – requires a current work-related purpose. All members of the workforce sign a confidentiality agreement annually. To review the agreement, please look at Privacy, Confidentiality and Security of Patient and Proprietary Information, IM06 for Nebraska Medicine colleagues and 6045 and statement of understanding for UNMC employees.
Accessing patient information without a current work-related reason can result in termination of employment or removal from training programs. For more information, review Patient Privacy Investigations and Levels of Violation policy, IM49, if employed by Nebraska Medicine, or 6302 if a UNMC staff, faculty or student member.
For additional questions, contact the privacy office by email and the team will respond as quickly as possible.
Pictured above is an example of the Protenus software dashboard. The information depicted in this example is not actual patient health information.