Audit Software Gives Hospitals 'Fair Warning'

Hospitals are turning to auditing software in response to concerns about patient information security and privacy.

Privacy auditing software vendor FairWarning says it will double its customer base in 2008, as hospitals respond to security and patient information privacy concerns.

FairWarning CEO Kurt Long said hospitals are faced with intense pressure from HIPAA (Health Insurance Portability and Accountability Act) to ensure that any applications that interact with patient data follow strict procedures and comply with privacy regulations. The task is daunting for hospitals, especially because so many applications access patient data, Long said, including registration desk software, applications for accounting, records from different doctors and nurses, and records from partnering hospitals and clinics.

Analysts said the pressure on health care organizations increased in 2007, when HIPAA began a series of audits with the surprise delivery of a list of 42 security and privacy requirements to Atlanta's Piedmont hospital. Other surprise audits have followed and more are anticipated. Before Piedmont, most health care organizations didn't expect that HIPAA would lead to audits. Now, however, just the mention of the infamous "Piedmont letter" can make hospital staff cringe, analysts said.

The U.S. Department of Health and Human Services continued HIPAA audits throughout 2007, and has announced its intention to crack down even harder on noncompliant hospitals in 2008. Since then, health care organizations have been struggling to conduct their own internal audits before HIPAA auditors arrive to ensure that they are compliant, analysts said.

"HIPAA spells out what the health care organizations must do to systematically review all applications and process that touch patient health information. It's really daunting to conduct those audits through manual processes that aren't secure," Long said.

FairWarning performs automated privacy and security audits, and can supplement a hospital's internal auditing procedures, Long said. "This dovetails with internal audits and security procedures so organizations can reinforce what they are doing right and where they need to improve," he said.

Long said FairWarning, formerly EpicTide, is installed in "dozens" of customer organizations across the United States and plans to at least double that number in 2008. While the number may seem small, he said some customers have as many as 43,000 employees using the software.