News & Press

On-the-Spot Intervention 95% Effective in Reducing Healthcare Employees’ Unauthorized Access to PHI

Finds new article published in JAMA Open Network

BALTIMORE, MD – April 14, 2022 Protenus is pleased to announce a recent study found that on-the-spot intervention to healthcare employees that inappropriately accessed PHI were 95% effective in preventing repeat offenses. The article, "Effectiveness of Email Warning on Reducing Hospital Employees' Unauthorized Access to Protected Health Information: A Nonrandomized Controlled Trial" by authors Dr. John (Xuefeng) Jiang, PhD, Professor, Plante Moran Faculty Fellow, Department of Accounting & Information Systems at Michigan State University; Nick Culbertson, CEO and Co-Founder of Protenus; and Dr. Ge Bai, PhD, CPA, Professor of Accounting at Johns Hopkins Carey Business School, was published on JAMA Network Open yesterday.

Insider data breaches are no small matter for healthcare organizations, especially large academic medical centers like the one in the trial. 92% of combined small and large breaches in 2019 were tied to unauthorized access, according to publicly available U.S. Department of Health & Human Services (HHS) data. Typically, organizations focus on the low volume, high-risk events like VIP patient privacy violations that often go public, rather than the high volume low-risk events such as access to a family member’s information or self-access, which can be just as violating to the patient.

In the case of small compliance teams or limited staff resources it’s easy to miss all the benign or smaller events, but those often turn into bigger offenses over time. 

“If you just wait for a big event, you’re going to miss the preventable small actions that can escalate into higher risk violations. Prevention is the most effective strategy. And that’s what we do at Protenus — working to eliminate risk, not waiting for it to happen.” - Nick Culbertson, CEO Protenus

 

The researchers hypothesized that education could help stop first-time offenders from further violations. Through their trial, they uncovered supporting evidence that this was indeed the case. “What an email warning can do to deter employees’ unauthorized access is stunning. A simple email can lead to big changes,” says Dr. Ge Bai, an outcome that confirms the power of technology in supporting the proven hypothesis.

With the healthcare constantly under attack by cybercriminals, it’s encouraging that the risk from insider events can be greatly mitigated. Dr. John (Xuefeng) Jiang says, “In my previous work, we found more than half of the healthcare data breaches were caused by providers’ internal mistakes or neglect. So I was thrilled to find out that a simple email warning could significantly reduce these internal mistakes. I look forward to working with Nick and Protenus to uncover other solutions to the cybersecurity challenges in healthcare.”

Read the complete report from JAMA now

If allowed to go unchecked, healthcare employees committing unauthorized access to protected health information present a huge financial and reputational risk to the organization and most importantly, its patients. To learn more about how data breaches are affecting the healthcare industry, download the 2022 Breach Barometer from Protenus.

About Protenus

Protenus harnesses the power of AI to provide healthcare organizations with scalable risk-reduction solutions that drive the safest patient outcomes while protecting the reputation of the organizations. We are committed to innovation, determined to reduce risk, and focused on supporting our community of employees, customers, and ultimately, patients. Empowering healthcare to eliminate risk is at the heart of all we do.

Founded in 2014, Protenus is a three-time winner of Forbes’ America’s Best Startup Employers, is a Great Place to Work®-Certified company, and was named one of 2021 CBInsights Digital Health 150, one of The Best Places to Work in Healthcare by Modern Healthcare, and one of the Best Places to Work in Baltimore by the Baltimore Business Journal and the Baltimore Sun. Learn more at Protenus.com and follow us on Twitter @Protenus.