The ginormous data breaches at payers such as Anthem and heath systems such as UCLA, may have been a wake-up call on the vulnerability of electronic medical records to external threats. But there’s also always been the risk that healthcare staffers, either acting on behalf of loved ones or their own curiosity, will take a peek at patient medical records. Either way, the reputation of providers and payers is on the line, as Nick Culbertson and Robert Lord, the co-founders of Protenus, explained in a phone interview.
“There’s a deep desire to restore trust that’s so essential for healthcare to function at a basic level that they need access to tools not just for in-house auditing, but also to inform them where they should be allocating resources,” said Lord.
“Our approach is slightly different. Rather than using simple rules, we learn about the prior breaches and from there we instill extra layers of analysis,” Culbertson noted. “We don’t actually look for what’s wrong, but we define what’s correct and look for deviations from that by looking at workflow.”
Since the company graduated from the DreamIt Health Baltimore accelerator, it has been growing its customer base. It completed a one-year development pilot with Johns Hopkins, where they also went to medical school. It soon converted the institution into a customer. “[Our technology] empowered them to do their job more efficiently from a compliance perspective,” Lord said.
It also counts Inova Health System in Virginia as a customer.
“One of the fundamental things we have learned is that hospitals are tremendously hungry for this information on data breaches and guarding data privacy and [many of them] don’t have the tools,” Lord said.
Although preventing unwarranted access to medical records has always been an issue for hospitals, even when those records were paper, the transformation to digital health records has forced healthcare facilities to be more vigilant since these records can be accessed more easily by a wider variety of people.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
“We have seen an exponential increase [in breaches] as records become increasingly digital and shared,” Lord said. “Reputational damage is becoming an existential threat to hospitals.”
The true cost of data breaches to institutions is something that is tough to quantify. Although Sage Growth partners estimated that it could cost $2 billion, Culbertson and Lord said based on their interview with hospitals, they think that the damages from data breaches could be as much as $6 billion. That’s because existing damage estimates don’t include things like loss of brand value.
Protenus’ product, which is currently unnamed, serves two functions. It works as a forensics investigation platform and it also helps provide a guide for hospitals to
retool the protections they have in place for patient data.
Rather than react to breaches, Lord said it’s created a system that helps health systems have a more proactive policy.
Looking ahead, Culbertson said it is speaking with channel partners as a way to add their security tool to product offerings from other companies. It is also having conversations with health systems overseas. Culbertson added that it sees applications for outpatient clinics, insurance companies, and dental offices.
Patient data security is very much of interest to retail clinics, too. Culbertson and Lord referenced a 2013 settlement by Walgreens to the tune of $1.44 million over an alleged HIPAA violation when a Walgreens pharmacist looked up the medical records of her husband’s ex-girlfriend, whom she suspected gave her husband an STD, according to a post on The Health Care Blog. She informed her husband of the results. He sent a text message to his ex girlfriend and informed her that he knew all about her results.
Lord said that he and Culbertson have seen more and more players start to enter this segment of health IT.
“We always welcome more entrants because it means more validation of the problem,” Lord said. “Patients are the ultimate winners here.”
Photo: Flickr user Nick Carter
