If you want to be certified as a hospital on information security, you have to monitor anyway


For the HagaZiekenhuis, NFIR implemented its Dossier Monitoring solution. That solution helps organizations comply with the AVG, NEN7510 and NEN7513 on information security in healthcare, and guidelines from the NVZ trade association. With Dossier Monitoring, the HagaZiekenhuis has control over access to and use of dossiers. A conversation with Olaf Heinrich, privacy officer in the BMO – Information Security & Privacy Department.

Olaf Heinrich, HagaZiekenhuis privacy officer: "If you want to be certified as a hospital on information security, you have to monitor anyway."


Why did the HagaZiekenhuis choose NFIR's file monitoring solution?

Olaf Heinrich: “As HagaZiekenhuis, we wanted more insight into who uses which dossier and when. Then you can develop something yourself, or choose an existing solution that has proven itself in the market such as Dossier Monitoring from NFIR. The program is linked to our EPD system (EPD = electronic patient record) and uses the data it collects. There is a well-designed dashboard on which you see an overview of what is happening and has happened. Then you can take targeted action based on that.”

Automation saves time and effort

One positive effect of going to work with NFIR Dossier Monitoring is that you see what is happening faster – in real time – and so you can respond immediately, says Olaf Heinrich. “You see the peaks, when someone logs in very often or does so very often only with certain patients. You can see this at the user level and that creates greater security awareness among our staff. Furthermore, of course, you have to understand that you don’t give anyone else your pass to log in. The big advantage of this program is its automation. You can of course collect the same data manually, but this takes an awful lot of time and effort.”

Monitoring contributes to better behavior

Olaf Heinrich: “We do a lot to ensure that employees know how to handle medical data and follow the rules. All employees do a mandatory e-learning on information security every 2 years. We also do regular campaigns and actions so that everyone knows what the rules are. Monitoring completes this set: we do our best to make sure everyone knows the rules. Thanks to the monitoring, we can quickly spot if something does go wrong and call employees or managers to account.”


Not seeing your own medical records

Asked about a business rule that the HagaZiekenhuis instituted in the NFIR program, Olaf Heinrich says, “An employee is not allowed to look in his or her own – comprehensive – medical record. We already had that rule and so we set it up when we started NFIR Dossier Monitoring. In that file you can also see, for example, who has said or done and registered what. More data is visible than in the patient portal. Therefore, for access to one’s own file, the patient portal should be used.”

With file monitoring you prove that you are monitoring and enforcing

Olaf Heinrich: “If you want to be certified on information security as a hospital, you have to monitor anyway, and you have to be able to demonstrate that. With a program like NFIR Dossier Monitoring, you can do that quite easily. Monitoring is now much more efficient than before and fits completely within the motto of the HagaZiekenhuis: caring, innovation and cooperation.”

Dossier Monitoring helps companies gain insight into unlawful use of personal data.

Dossier Insights provides continuous and intelligent monitoring on file submissions through a business rules engine. Act appropriately in response to detected discrepancies and/or improper use of the emergency procedure.