Maize Empowered NCH Privacy Officers To Accelerate Their Ability To Perform Patient Privacy Audits Quickly And Efficiently With Peer-Reviewed Patient Privacy System
Nationwide Children’s Hospital (NCH), one of America’s largest children’s hospitals, and Maize Analytics Inc. (Maize) gave a joint presentation at the Ohio Health Information Management Association in March showcasing how Maize empowered NCH privacy officers to accelerate their ability to perform patient privacy audits quickly and efficiently.
The presentation, entitled “Our Journey to Automated Privacy Monitoring”, described NCH’s transition from a manual and labor-intensive auditing process, a challenge most compliance/privacy officers face today, to an automated, machine learning-driven operation. While traditional approaches to patient privacy auditing first look for high-risk behavior, Maize’s Explanation-Based Auditing System flips the traditional auditing problem on its head by first filtering appropriate accesses from the audit log, and then identifying high-risk accesses for review. As a result, organizations experience an order-of-magnitude fewer false positives than traditional or manual approaches.
Maize’s machine learning technology is based on peer-reviewed and published research from top biomedical informatics and computer science journals. While machine learning and artificial intelligence technologies have received much press lately, Maize prides itself on its technology transparency, and how that technology is used in practice.
“Our technology is not a black box. Not only can the community read our research papers – which have been cited over 50 times – but our aim is to communicate the inner-workings of our system so end-users can understand its strengths and limitations,” says Daniel Fabbri, CEO of Maize Analytics and Assistant Professor at Vanderbilt University.
Understandably, privacy officers need to question new auditing technologies. As the OHIMA presentation showcased, organizations are encouraged to spend a lot of time validating the system’s results. All of this work is best done immediately after implementing the product. Only after validating the data and essentially building trust in the system, should organizations feel comfortable rolling back their daily monitoring of the system’s performance.
Unlike other unsupervised machine learning technologies that may “learn” bad or uninterpretable policies, Maize’s machine learning system keeps the privacy officer in the loop. The system generates “explanations” that describe why accesses occur (e.g., the doctor had an appointment with the patient). Privacy officers supervise the auditing system and “turn on” their policy to control how the system automatically audits.
Fabbri concluded by stating, “Covered entities must understand how the technology they deploy enforces their HIPAA policies. There is a lot of hype around machine learning and artificial intelligence in this space now, and if black box systems are left unchecked, privacy officers may have difficulty defending their automation to the Office for Civil Rights.”
Maize Analytics’ technology is a peer-reviewed and published system which automatically audits up to 99% of all EMR accesses for appropriate clinical or operational reasons, allowing privacy officers to focus on the truly suspicious data. The explanation-based system drastically reduces false positive alerts compared to traditional rules-based solutions.