HIPAA audits drive business for privacy software firm

FairWarning, a supplier of health care privacy auditing systems based in St. Petersburg, Fla., reported revenues for the first six months of 2008 more than doubled over the same period last year.

Company executives believe the increase has been due to a rise in electronic identify theft and snooping, as well as the announcement that the Department of Health and Human Services would start to audit hospital compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA),

In January, HHS's Centers for Medicare and Medicaid Services disclosed plans to audit 10 to 20 hospitals.

FairWarning, which was started in 2005, markets to hospitals, health systems and major physician offices. Kurt Long, the company’s chief executive officer, said the company has also started working with regional health information organizations (RHIOs). FairWarning’s involvement with RHIOs stems from the company’s collaboration with such health care applications vendors as GE Healthcare.

“In general, what you’ve got is RHIOs starting to get their arms around auditing,” Long explained, noting that until recently RHIOs were mainly focused on getting their baseline deployments up and running.

FairWarning recently added support for Audit Trail and Node Authentication (ATNA), a move the company said will assist RHIOs and health information exchanges in auditing computer-to-computer transactions.

ATNA is an integration profile from the Integrating the Healthcare Enterprise (IHE) organization. Long described ATNA as one mechanism through which the company “can provide a comprehensive picture of a patient, or of a user, in terms of audit.”

Long said electronic health records vendors are architecting their products in the future around ATNA.

FairWarning’s privacy audit solution, which runs on an appliance server, takes audit logs and auditable events from health care applications. The audit data is stored in a database, through which FairWarning looks for patterns that might indicate medical identity theft or a snooping scenario, Long said. The solution sends alerts to a dashboard, which allows a privacy officer to monitor threats.

About the Author

John Moore is a freelance writer based in Syracuse, N.Y.

Featured

  • Cybersecurity
    malware detection (Alexander Yakimov/Shutterstock.com)

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.