Fall 2024 Issue

Automation: The Role of AI and Automation in Enhancing Patient Privacy Teams
By Susan Chapman, MA, MFA, PGYT
For The Record
Vol. 36 No. 4 P. 10

The integration of artificial intelligence (AI) and automation in patient privacy monitoring has revolutionized the workflows of privacy teams. Demi Borden, product owner of Haystack iS at iatricSystems, often presents on this topic and provides her insights into this evolution in HIM.

The Impact of AI
“Traditionally, patient privacy teams would manually sift through millions of rows of data, a task comparable to finding a needle in a haystack,” she explains. “This process is not only tedious and time-consuming but also inefficient, often yielding minimal results. AI, however, offloads the burden of data analysis, providing close to real-time results with alerts and reporting that can pinpoint inappropriate or suspicious activity. Instead of manually searching for connections between data points, AI can analyze every protected health information (PHI) access and uncover unusual patterns, such as accesses by coworkers, family members, VIPs, or neighbors.”

With AI, privacy teams can gain a comprehensive view of all activities, allowing them to target specific types of access and automate follow-up procedures. “For example, when you see a coworker access that looks suspicious, most the time you have a workflow of people to reach out to and ask questions of. You need to reach out to that user who accessed the PHI or their manager, asking for more information, if it was within their job duties, and other questions, which is a time-consuming and tedious part of patient privacy,” Borden says. “However, with AI, if a coworker’s access appears suspicious, an AI system can automatically send out an email questionnaire to the relevant parties, gather the necessary information, and return it to the privacy investigator. This type of automation streamlines the investigative process, enabling privacy officers to focus on tasks that cannot be automated and enhancing overall efficiency.”

Enhancing Privacy Programs and Uncovering Trends With AI
AI and automation transform privacy monitoring from a reactive to a proactive process. AI systems can identify unusual patterns and trends, allowing privacy teams to build robust programs, but without them, privacy monitoring becomes an activity all its own amidst the bustle of normal activity. Borden elaborates, “As an example, AI can alert teams to those different types of access anomalies like out-of-norm PHI accesses by coworkers or family members.”

Recognizing patterns enables organizations to tailor educational programs to address specific issues. “A customer told me that they discovered family snooping and self-access are a lot more prevalent at the end of the calendar year, near the holidays and New Year,” Borden says. “By having the ability to recognize this as a trend, they’re now able to start pushing out educational programs a few weeks or months before this time of the year in an effort to prevent and reduce those incidents. By proactively addressing those trends with targeted education, organizations can help prevent privacy breaches and reduce the frequency of such occurrences over time.”

Transitioning to a Proactive Privacy Monitoring Approach
As organizations strive to move from a reactive to a proactive approach, Borden recommends they seek vendors that offer robust support, including training and connections to other customers. Such support can ensure a smooth transition and helps privacy teams maximize the benefits of emerging technology.

Streamlining Identification and Addressing Privacy Breaches
Borden offers an analogy to describe how organizations can benefit by streamlining the processes of identifying and addressing privacy breaches. “If privacy is a mountain, the accesses to PHI in the different departments, hospitals, and clinics, are the towns and valleys at the base of this mountain,” she explains. “The privacy team shouldn’t be running in circles checking in here and there. They should be elevated to the top of the mountain and be able to view everything that is going on surrounding them. It’s hard to see if there’s a problem a mile ahead when you’re in the forest of data, but it’s a lot easier when you have that bird’s eye view from the mountaintop.”

Expediting Privacy Investigations With Advanced Virtual Assistants
Borden credits the Advanced Virtual Assistant (AVA), an automation tool within her company’s patient privacy monitoring solution, Haystack iS, as playing a pivotal role in expediting privacy investigations. AVA assists privacy teams by automating tedious processes like information gathering and follow-up so they can focus on the more strategic tasks that cannot be automated. “For instance, AVA can quickly identify inappropriate accesses, such as those involving high-profile patients, and alert the relevant teams and managers. This rapid response can deter further inappropriate accesses through word-of-mouth within the organization,” Borden says. “Additionally, AVA can streamline routine investigations, such as self-accesses, by automating the entire process. This automation saves significant time and resources, allowing privacy teams to focus on more complex investigations.”

Predicting and Preventing Unauthorized Access Spikes
Data analysis enables organizations to predict and prevent spikes in unauthorized access to patient information. “For example, if an organization identifies a trend of increased family access during the holiday season, like the client I mentioned,” Borden says, “it can proactively start educational programs weeks before the holidays. This proactive approach helps prevent breaches and reduces the frequency of unauthorized accesses during high-risk periods.”

Best Practices for Preventing Privacy Breaches
Borden advises that the most effective way to prevent privacy breaches is to make that shift from a reactive to a proactive approach. “Investing in AI and automation solutions is essential for empowering privacy teams with the tools and resources needed to monitor and address privacy issues effectively. Additionally, customizing education based on identified trends and regularly updating policies can further enhance privacy programs.”

Customizing Education to Reduce Privacy Breaches
Organizations can use data to tailor educational programs and reduce the occurrence of privacy breaches. “If data analysis reveals a high frequency of coworker accesses in a specific department, targeted education can be provided to that department,” Borden notes. “Continuous monitoring and updating of policies based on access patterns also ensure that employees are well-informed about privacy protocols.”

Importance of Tracking Progress in Privacy Program Management
Tracking progress is crucial for measuring the effectiveness of privacy programs. “You may notice that these accesses aren’t decreasing, and maybe that is the time to analyze your policies to make sure they are clear to employees,” Borden says. “By comparing data from different periods, organizations can assess whether their efforts, such as targeted education or policy updates, have led to a reduction in inappropriate accesses. This ongoing evaluation helps refine privacy strategies and ensures continuous improvement.”

Effective Use of Technology and Data in Maintaining Patient Privacy
To effectively use technology and data for maintaining patient privacy, Borden advises that organizations maintain strong relationships with their technology vendors. “Vendors possess extensive experience and knowledge, which can be invaluable for privacy teams,” she says. “They will have a great deal of experience working with different organizations that are going through the same process, and that type of knowledge can be so useful, especially for a team that may not ever have had this technology. Find a vendor that also supports communication between its customers, so you can talk to other privacy teams from different organizations and work together to build great privacy programs.”

The integration of AI and automation in patient privacy monitoring is transformative. It not only enhances the efficiency and effectiveness of privacy teams but also enables a proactive approach to privacy management. By leveraging AI to analyze data, identify trends, and automate routine tasks, health care organizations can significantly improve their privacy programs and better protect patient information.

— Susan Chapman, MA, MFA, PGYT, is a Los Angeles–based freelance writer and editor.