Lothian Patients' Record's Protected Thanks to Data Safety Solution Delivered by Northgate Managed Services
22 September 2010
Equivalent of 850,000 patients and 1.3m records protected from security breaches
Northgate Managed Services (Northgate), one of Scotland's leading ICT services and solutions providers, has delivered NHS Lothian a data safety solution which has resulted in immediate and significant improvements in the protection of almost one million patients' data.
NHS Lothian worked with its ICT partner Northgate to combat incidents involving employees and affiliates using Electronic Health Records (EHR) to conduct unlawful activities such as VIP record snooping, unauthorised access to information and loss of sensitive data.
In response to a need to be more proactive and further enhance data security, Northgate implemented the latest FairWarning© privacy surveillance solution which has been operational across primary, community-based and acute hospital services throughout Edinburgh, Midlothian, East Lothian and West Lothian since February of this year. The solution is now protecting NHS Lothian's 18,000 users of the electronic record TRAKcare system from internal security breaches, which equates to approximately 850,000 patients and 1.3m records.
Records from multiple healthcare applications are processed by pulling audit files from each system identified by NHS Lothian to be monitored. The surveillance is non-evasive and systematically identifies users who are engaging in patient record access patterns that are indicative of snooping, password sharing and other suspicious behaviours.
Within the first few days of go-live NHS Lothian received over 100 users potentially breaching the access policy. This proactive monitoring enables NHS Lothian to review in advance anything likely to be deemed as a data protection breach and take steps to further prevent incidents occurring. It has reduced privacy incident rates considerably and enables a rapid and thorough response to patient privacy enquiries.
NHS Lothian's Director of eHealth, Martin Egan, commented: "Data management and its security is an issue that we take very seriously, and is an area that requires careful monitoring and constant review. Northgate continues to respond to our needs professionally to ensure that ICT systems are robust and the proper levels of security is offered to ensure the proper management of patient records is adhered to. The introduction of a privacy surveillance solution as an addition to our existing capabilities has allowed us to significantly move ahead as we strive to ensure compliance with the Data Protection Act (DPA) and provide assurance to our patients that their data is in safe hands."
Replacing the manual review process with an automated system also generates considerable efficiencies and return on investment. The solution is also scalable to support future growth within NHS Lothian.
Jonathan Cameron, Emergency Care Summary (ECS) Programme Manager for National Services Scotland, added: "The integration of Fairwarning with the ECS in Scotland will be a major step forward for boards in meeting the strict audit protocol requirements for ECS.
"Using a privacy surveillance solution will make it significantly faster and easier for all accesses to be monitored and reported on and this will have significant benefits for ensuring the secure use of patient information in the NHS in Scotland."
Northgate has previously worked with NHS Lothian in a project to encrypt all 4000 laptops and USB devices in order to prevent data loss and continues to offer support on data security and information technology to enhance the service that NHS Lothian provides.
James Turnbull, Managing Director, Infrastructure Solutions, Northgate Managed Services added: "The issue of data security is one that is affecting more and more organisations in today's technology-based business environment. The three most common sources of data breach come from: well-meaning insiders; targeted attacks from outside the organisation; and malicious insiders. Two of the three are internal so it has never been so important for organisations in possession of critical information - such as citizen or customer data, intellectual property or trade secrets - to protect it. The overall risk of a data breach is higher than before, illustrated by recent high profile privacy incidents across many different organisations. NHS Lothian has moved quickly to update its security protocols and to ensure the proper handling of sensitive and confidential patient information by its staff. I am confident that the solutions provided will only help to reassure patients that any information being held is done so securely."
