BALTIMORE – April 13, 2022 – (
Protenus is pleased to announce a recent study found that on-site interventions for healthcare workers who inappropriately accessed PSRs were 95% effective in preventing recurrence. The article, “Effectiveness of Email Warning in Reducing Unauthorized Access of Hospital Employees to Protected Health Information: A Non-Randomized Controlled TrialBy Authors Dr. John (Xuefeng) Jiang, Ph.D., Professor, Plante Moran Faculty Member, Department of Accounting and Information Systems, Michigan State University; Nick Culbertson, CEO and Co-Founder of Protenus; and Dr. Ge Bai, Ph.D., CPA, professor of accounting at Johns Hopkins Carey Business School, was published yesterday on JAMA Network Open.
Internal data breaches are no small feat for healthcare organizations, especially large academic medical centers like the one in the trial. 92% of minor and major offenses combined in 2019 were related to unauthorized access, according to publicly available data from the US Department of Health and Human Services (HHS). Typically, organizations focus on low-volume, high-risk events, such as VIP patient privacy breaches, which are often made public, rather than high-volume, low-risk events. such as accessing a family member’s information or self-access, which can be just as violent for the patient.
With small compliance teams or limited staff resources, it’s easy to miss all benign or smaller events, but these often turn into larger breaches over time. According to Nick Culbertson, “If you’re just waiting for a big event, you’re going to miss the small, preventable actions that can escalate into higher-risk breaches. Prevention is the most effective strategy. And that’s what we do at Protenus – working to eliminate risk, not waiting for it to happen.”
The researchers hypothesized that education might help prevent first-time offenders from committing further offences. During their trial, they discovered supporting evidence that this was indeed the case. “What an email warning can do to deter employees from unauthorized access is astounding. A simple email can lead to big changes,” says Dr. Ge Bai – a result that confirms the power of the technology to support the proven hypothesis.
With healthcare being constantly attacked by cybercriminals, it is encouraging to see that the risk of insider events can be significantly mitigated. Dr. John (Xuefeng) Jiang said, “In my previous work, we found that more than half of healthcare data breaches were caused by internal errors or provider negligence. So I was delighted to find that a simple email warning could significantly reduce these internal errors. I look forward to working with Nick and Protenus to discover more solutions to cybersecurity challenges in healthcare.”
If left unchecked, healthcare employees who commit unauthorized access to protected health information pose a huge financial and reputational risk to the organization and, more importantly, to its patients. To learn more about how data breaches affect the healthcare industry, download the Infringement Barometer 2022 of Protenus.
Protenus harnesses the power of AI to provide healthcare organizations with scalable risk reduction solutions that drive the safest outcomes for patients while protecting organizations’ reputations. We are committed to innovation, determined to reduce risk and focused on supporting our community of employees, customers and ultimately patients. Empowering healthcare to eliminate risk is at the heart of everything we do. Founded in 2014, Protenus is three times winner of the Forbes‘America’s Best Startup Employers, is a Great Place to Work® Certified Company and was named one of the 2021 CBInsights Digital Health 150, one of the best places to work in healthcare by Modern Healthcare, and one of the best places to work in Baltimore by the Baltimore Business Journal and the Baltimore Sun. Learn more about Protenus.com and follow us on Twitter @Protenus.
Marketing content writer
Press Release Service by
On-site intervention 95% effective in reducing unauthorized access by healthcare workers to protected health information (PHI)