Protenus: Using Access to the Electronic Health Record to Catch Bad Actors Inside Healthcare Organizations

Nick Culbertson Co-founder and CEO Protenus Inc.-Insights Success

Health care has experienced an increase in data breaches over the past decade; as medical records become increasingly digitized and shared, access to sensitive health data has skyrocketed. As a result, it’s becoming increasingly difficult to understand who is accessing patient data and whether or not they are doing so appropriately. Improving the state of the industry is about trust, and trust starts with increasing visibility into who is accessing patient information. Protenus is a healthcare compliance analytics platform that helps hospitals maintain that trust by monitoring all accesses to health data, understanding the clinical context necessary to differentiate normal from anomalous behavior, and elevating only true threats for human review, resulting in reduced overall risk to healthcare organizations and their patients.

Building Trust with Incorporation of Advanced Tools

Protenus uses artificial intelligence to accomplish this task. The firm detects and eliminates inappropriate behavior inside healthcare organizations, helping hospitals, insurers and health information exchanges build trust with their patients. The Protenus team uses artificial intelligence to audit every access to electronic medical records to identify patient privacy violations, employee theft of narcotics, and more, and they do this by developing a deep understanding of how individuals access some of the most sensitive and valuable information on the planet: health data.

Critically Identifying Internal and External Malicious Actors

Protenus brings big data technology to healthcare data compliance, with unprecedented levels of security controls. It’s well known that the best security programs come in layers. While health systems deploy firewalls, network controls, anti-virus and anti-malware software, and more, these organizations have historically not had the tools necessary to distinguish appropriate from inappropriate end-user behavior in clinical settings.

The Protenus platform fills this gap, serving as an immune system for health data by identifying internal and external malicious actors, and ensuring that everyone who has access to health data is using their privilege appropriately, giving leaders full visibility into health data access and building trust across each healthcare organization.

Architects behind Protenus

Protenus is led by Nick Culbertson, co-founder and CEO, who together with co-founder and President Robert Lord took a leave of absence from the Johns Hopkins Medical School to start the company in 2014. As medical students, they saw firsthand how electronic medical records created a new slate of serious security and privacy concerns, and developed the initial prototype and predictive algorithms that launched Protenus, fulfilling a critical need to better protect patient data.

Prior to medical school, Nick served eight years in the military, including service in the U.S. Special Forces as a Green Beret with a specialization in Human Intelligence networking.  Knowing that mission success is driven by successful teams, Nick prioritizes the recruitment and retention of talented data scientists, big data engineers, and business operators who specialize in artificial intelligence and enterprise data security.

Strategies and Principles for Success

Protenus knew from day one that to be trusted with protecting health data, being a leader in enterprise security was critical to success. To build a technology product with world-class enterprise security features, Protenus recruited a team with experience securing large amounts of sensitive data: 78% of its engineering team has worked with the DOD and US Intelligence community to secure and process some of our country’s most sensitive national security information.

“It’s this deep bench of enterprise security talent that has allowed Protenus to build a technology platform that keeps electronic medical record data safe,” Nick said. “Security remains at the core of our company ethos today.”

Protenus follows three core principles to safeguard the data of customers, and earn their trust.

  • The firm takes a holistic approach to enterprise security. From two-factor authentication to network defensibility to employee training, Protenus evaluates each element of the company, its contribution to overall security posture, and work to mitigate any potential gaps.
  • Through their SecDevOps practice, Protenus automates security whenever possible to ensure the latest patches are applied before they can be used to compromise their network.
  • Protenus evaluates technology choices for suitability in enterprise applications, and even then, rarely use products ‘as is’.

Protenus meets and exceed the HIPAA Security Rule, HITECH, and Meaningful Use 3 requirements for auditing controls, and follows OCR protocol recommendations. The firm is SOC-2 certified and is regularly pen tested, most recently by Rapid7.

Benefits for Healthcare Organizations

By using artificial intelligence to audit every access to health data inside a healthcare organization and elevating only true threats for human review, Protenus is helping instill trust and transparency in healthcare. The nation’s top hospitals use the Protenus platform to ensure that everyone who has access to patient data is using that access appropriately, and to keep their health data secure.

Looking towards the Future

Healthcare compliance analytics can identify any anomalous activity inside an electronic health record; understanding how digital health records should be accessed, and by whom, is only the first step to ensuring that patient information is safe. For example, healthcare providers with access to a patient’s electronic medication administration record can use that information to divert—or move from a legitimate use to an illicit one—narcotics into their personal possession. Protenus has already established itself as a leader in protecting health data and preventing patient privacy violations, and is now using its AI-empowered platform to identify and prevent other types of fraud, waste, and abuse, like drug diversion, throughout healthcare.

Source :-The 10 Most Trusted Companies in Enterprise Security for 2017