Industry Research : Patient Record Manipulation Scandal Highlights Need for Better Data Governance
Commenting on reports that a Canberra hospital manager has admitted to changing A&E patient records to make it appear the department was more efficient than it actually was, Varonis Systems says that the possibility of this happening in the US and UK healthcare sectors cannot be ruled out.
Data manipulation, says David Gibson, vice president of strategy with the data governance specialist, has been going on for far longer than computers have been around – it’s just that computers have made this type of fraud a lot easier, he explained. "This Australian case is interesting from a governance perspective, as the manager concerned has admitted his department tweaked around six per cent of the database in order to make the patient wait times – and hospital stays – appear shorter than they actually were," he said.
"You could argue that, since patient care and welfare was not affected, this was not a major issue, but as a growing number of healthcare organisations operate on the basic of efficiency targets, there are obvious budgetary issues involved here," he added. Gibson went on to say that the $64,000 question that healthcare managers in other jurisdictions of the world need to ask is whether this kind of data manipulation could be happening in their organisations – and the answer, he says, is that without strong data governance audit systems in place, they cannot be sure.
The reality, the Varonis VP of strategy notes, is that there are clear financial and management consequences from data manipulation. And this, says Gibson, is where effective data governance can step in and assist. By automating the security of structured and unstructured data – up to 80 per cent of data falls into the unstructured category, Varonis has found – managers can discover whether data manipulation is taking place.
David Gibson recommends the following steps for making unstructured data more secure:
- Reduce read access to critical data to only those who require it
- Reduce modify access even further - as few people as possible should be able to make changes to these files
- Changes to critical data should be monitored and then reviewed for accuracy by at least one other individual— even performing random checks on a subset of changes can make a difference.
For structured data, Gibson explains, there are often options to restrict and audit field-level manipulation with automation to prevent or catch potential issues, but the same manual process described above may be used.
"Had this type of process been in place at this Canberra hospital, then the data manipulation by this manager would have been discouraged, caught, or prevented. Effective data governance really does work."
Today's Tip of the Day - Begin With The End
More Editorial From Varonis
Published: Tuesday, June 26, 2012