By Daniel Fabbri, CEO of Maize Analytics,
Assistant Professor of Biomedical Informatics
and Computer Science at Vanderbilt University
Big Data and Artificial Intelligence technology are improving medical data privacy and security every day. New technologies promise increased efficiency, improved accuracy, and better risk management. But to fully realize the potential of these technologies and maximize outcomes, we need tools that also empower the compliance officer to succeed.
Compliance officers work to improve patient care by helping their organization meet expectations set forth in laws, regulations, and organizational policies. Just like doctors and nurses, compliance officers go to work every day to help patients, but with a super-focus on protecting patient privacy and safety. As the Health Care Compliance Association puts it, “Health care compliance programs are ultimately judged by…the delivery of health care to the patients.”
Unfortunately, technological advances have been slow to benefit compliance officers. While physicians now prescribe and diagnose conditions with the help of clinical decision support systems, compliance officers often find themselves manually sifting through medical records to investigate patient record access breaches. With millions of access records created daily, manual processes prohibit reasonable review of patient logs and records. This laborious process limits compliance officer effectiveness.
Some organizations employ automation to help compliance officers analyze data to detect issues or breaches. These software systems are configured to “flag” potential bad behavior. “Flags” are static rules set-up by the software manufacturer or health care provider. To be effective, flags must be sensitive enough to identify potential issues, and specific enough to narrow down results to those that require investigation. For example, a flag that finds accesses to patients by employees with the same last name is not specific enough, and will invariably result in false positives. Similarly, if the system does not have an “ex-girlfriend flag,” the system could lack sensitivity and those inappropriate activities will never be caught. Even if sensitivity and specificity are properly calibrated, it is impossible to enumerate all possible ways in which individuals behave poorly, thus resulting in missing flags in a system’s detection arsenal.
In contrast, consider how compliance officers identify and investigate an issue. Often, this process starts with the question: “Why did this access occur?” If a compliance officer can create an operational narrative backed up by the facts, they are justified in dismissing the issue. If they cannot, they look for more facts and continue asking questions. The compliance officer may even objectively approach the employee with their findings to “help me understand why you accessed Mr. Smith’s file.”
To empower compliance officers, new advanced software systems should harness this human approach to automate tedious and repetitive processes while improving effectiveness. Doing so will allow compliance experts to better answer difficult and ambiguous questions and investigate accesses.
A key feature of these technologies should also be transparency. Unlike systems that output potentially high-risk behavior without context, advanced systems should help compliance officers understand not only “why did this access occur”, but also “what evidence supports this access.” If a compliance officer cannot concretely and concisely state how a system works and what it is finding (beyond it uses machine learning or artificial intelligence), then that system lacks the necessary transparency to empower its user.
Much like clinical decision support systems help physicians automate tasks and analyze data points to aid diagnoses, auditing system advances can advise compliance officers. Compliance officers empowered by technology are more effective, and better able to protect patients.Empowering Compliance Officers With TechnologyClick To Tweet