Clincosm LogoSign in Get a demo

The Effectiveness of Email Alerting on Reducing Employees' Unauthorized Access to Protected Health Information

Sponsor
Protenus, Inc. (Industry)
Overall Status
Completed
CT.gov ID
NCT05251844
Collaborator
(none)
444
Enrollment
1
Location
2
Arms
44.9
Actual Duration (Months)
9.9
Patients Per Site Per Month

Study Details

Study Description

Brief Summary

To assess the effectiveness of email warnings on reducing repeated unauthorized access to Protected Health Information (PHI), a randomized trial was conducted in a large academic medical center to understand the effectiveness of email warning on reducing repeated unauthorized access to PHI.

Condition or Disease Intervention/Treatment Phase
  • Other: receiving an email
 N/A

Detailed Description

From January 1, 2018, to July 31, 2018, a large academic medical center's PHI access monitoring system flagged all unauthorized accesses to patient electronic medical records from 444 employees (all professional medical staff), who were not part of the patient's intervention team and did not have access permission. 219 employees (49%) were randomly selected to receive an email warning on the night of their access, while the remaining employees (225, 51%) served as controls. The email informed that the employee has had been identified as having accessed a patient's electronic medical record without a known work-related purpose and that unauthorized access is a privacy violation. A sample email was attached at the end of the protocol.

The system tracked all these individuals' violations within the sample period. Later on, all cases with the violators' ID and patients' ID fully de-identified (see the following excerpt as examples) were shared with researchers at John Hopkins and Michigan State for data analyses. Because researchers do not have the ability to link the data with an identifier, the study was exempted from Michigan State University's IRB review.

Violator ID Patient ID Date Intervention 01B1NSYX3CEXZ86UZXU7R9JQ4VEK R7Z8RTZQL4B9IAC13F6EXQJVWAI7 1/2/2018 No Email

01B1NSYX3CEXZ86UZXU7R9JQ4VEK R7Z8RTZQL4B9IAC13F6EXQJVWAI7 1/3/2018 No Email

Study Design

Study Type:
Interventional
Actual Enrollment :
444 participants
Allocation:
Randomized
Intervention Model:
Parallel Assignment
Intervention Model Description:
one group received email notice while the group didn'tone group received email notice while the group didn't
Masking:
Quadruple (Participant, Care Provider, Investigator, Outcomes Assessor)
Masking Description:
all violators' identities are masked to Protenus.
Primary Purpose:
Other
Official Title:
Effectiveness of Email Alerting on Reducing Hospital Employees' Unauthorized Access to Protected Health Information: A Nonrandomized Controlled Trial
Actual Study Start Date :
Jan 1, 2018
Actual Primary Completion Date :
Jul 31, 2018
Actual Study Completion Date :
Sep 30, 2021

Arms and Interventions

Arm Intervention/Treatment
Experimental: Email warning

some individuals that accessed patients' data without authorization were randomly selected to receive an email warning. A sample email: Dear Colleague, The {Organization} proactive electronic record monitoring system has flagged you as having accessed the electronic patient record of {Patient_Name} on {Case_Event_Date}. A clear work-related purpose has not been identified for this access, and there are no approvals in place by the {Organization} Privacy Office to allow access to this record for personal purposes in accordance with A065. {Organization} takes the privacy of patient information very seriously. The {Organization} Privacy Office is now investigating this access as a potential privacy breach. This potential noncompliance needs to be resolved immediately. To help determine whether a privacy breach has occurred, please respond to this email with answers to the following questions no later than 5 days from the date of this email...omitted due to length

Other: receiving an email
The email informed that the employee has had been identified as having accessed a patient's electronic medical record without a known work-related purpose and that unauthorized access is a privacy violation.
No Intervention: No eamil warning

individuals that were flagged as accessing patients' data without authorization on the same day as the experimental group were used as the control group

Outcome Measures

Primary Outcome Measures

  1. the number of subsequent unauthorizated access violations [12 weeks starting from the first time a violation was flagged]

    The investigators monitored and collected all the subsequent unauthorized access violations for both the experiment and the control group

Eligibility Criteria

Criteria

Ages Eligible for Study:
N/A and Older
Sexes Eligible for Study:
All
Accepts Healthy Volunteers:
No
Inclusion Criteria:
  • violators of patients' privacy rights
Exclusion Criteria:

Contacts and Locations

Locations

Site City State Country Postal Code
1 Protenus, Inc. Baltimore Maryland United States 21231

Sponsors and Collaborators

  • Protenus, Inc.

Investigators

  • Study Chair: Nick Culbertson, BS, Protenus, Inc.

Study Documents (Full-Text)

None provided.

More Information

Publications

None provided.
Responsible Party:
Protenus, Inc.
ClinicalTrials.gov Identifier:
NCT05251844
Other Study ID Numbers:
  • email_alert_effectiveness
First Posted:
Feb 23, 2022
Last Update Posted:
Feb 23, 2022
Last Verified:
Feb 1, 2022
Individual Participant Data (IPD) Sharing Statement:
No
Plan to Share IPD:
No
Studies a U.S. FDA-regulated Drug Product:
No
Studies a U.S. FDA-regulated Device Product:
No

Study Results

No Results Posted as of Feb 23, 2022