Back to Blog

Case Study: Securing GenAI for Long-term Patient Care at Elder Outreach

Prompt Team
October 21, 2024
On this Page
Loading nav...
  • Elder Outreach installed Prompt Security to uncover shadow AI and sanitize sensitive data coming from 150 employees with free rein of the internet. 
  • Stronger GenAI Security is allowing Elder Outreach to get more out of its IT budget and make bolder decisions on GenAI functionalities.
  • “Knowing that Prompt Security is taking care of us means that we can dedicate more time and resources to our core competency, which is caring for our residents.”

Hospitals, physicians and other healthcare providers are incorporating GenAI into their operations to streamline tasks like scheduling, documentation and billing. The need for GenAI security may seem most critical in acute care and other environments where data is transmitted rapidly. As it happens, GenAI Security is often no less valuable in slower-paced, less interoperable environments.

Elder Outreach provides healthcare and rehabilitation in elderly and nursing home settings. It offers long-term and short-term services that foster healing and independence, operating across five long-term care communities and two healthcare assisted living partners in Louisiana. The organization is subject to the Health Insurance Portability and Accountability Act (HIPAA), legally requiring it to protect any individually identifiable protected health information (PHI) in its control.

In long-term care, the pace of operations may be slower than that of emergency care, but the data on hand is no less sensitive. In fact, for long-term care in particular, data sensitivity extends to a wider range of stakeholders. For example, in contrast to acute care, where the only data on record is that of the patient, long-term healthcare and rehabilitation centers also keep family members’ information on hand. With just as much sensitivity and an even higher level of risk, the need for GenAI vigilance is substantial. 

Enhancing GenAI monitoring capabilities

150 or so Elder Outreach employees have free rein of the internet, beyond mere access to the organization’s Electronic Health Record (EHR). Keeping track of these employees’ GenAI use across dozens of apps was a tall order, according to Shawn Parker, the organization’s IT Director.

“It’s not enough for us to create an AI policy and distribute it to employees. At most, this helps enforce punishment only after a breach takes place. What we needed was visibility that could prevent breaches from happening in the first place. We needed a system that would alert us when sensitive information is being shared with websites that rely on GenAI.”

Parker had no intention of blocking employees from accessing GenAI websites. For one, he knew that such an approach is akin to Whac-A-Mole, with new GenAI sites popping up all the time. More than that, a strategy based on curtailing employees could harm business operations. The goal was to achieve peace of mind that Elder Outreach could operate as usual, all the while knowing that the organization would not be left helpless against disaster scenarios, such as an employee pasting a list of residents into ChatGPT.

Elder Outreach installed Prompt Security to uncover shadow AI and sanitize sensitive data from the organization before employees would send it to the Large Language Model (LLM) powering GenAI tools. It did not take long to reveal GenAI use that had until that point flown under the radar. Prompt Security detected that one of Elder Outreach’s teams was using a GenAI-powered chat function within the company’s outsourced payroll solution.

For Parker, the new visibility provided a deep sense of relief: “Since installing Prompt Security, we as an organization have become a lot less afraid of GenAI. Knowing that Prompt Security is taking care of us means that we can dedicate more time and resources to our core competency, which is caring for our residents.”

Peace of mind makes for confident planning

For Elder Outreach, there are significant material benefits to having invested in stronger GenAI security. Preventing breaches of sensitive data means more confident mid- and long-term planning. This can keep IT budgets efficient, as prevention is more cost-effective than clean-up. It can also enable Elder Outreach to take bold steps with GenAI in general.

For instance, if an EHR software vendor offers a functionality by which facilities can develop detailed descriptions of resident care without manually typing them, Elder Outreach can consider this functionality with more confidence.

Steps taken to improve GenAI security today are likely to result in positive developments down the line. We look forward to continuing our work with Elder Outreach and seeing such reverberations play out.

Share this post

Related posts

September 4, 2024

Setting a new standard for Enterprise GenAI Security with a comprehensive solution for Microsoft 365 Copilot

Announcing the launch of the industry’s first security and governance solution for Copilot for Microsoft 365, marking a significant milestone in GenAI Security for enterprise applications.
Read more
August 31, 2024

8 Real World Incidents Related to AI

Some of the questions we get asked with most frequency from many of our prospects and the ecosystem at large when embarking on their GenAI Security journey, revolve around "How real are the risks related to AI, have there been actual incidents involving AI?" The answer is yes.
Read more
August 1, 2024

Now Available: A New Version of Prompt Fuzzer, the first interactive open-source tool for GenAI Apps Vulnerability Assessment

The first of its kind, Prompt Fuzzer is an interactive, open-source tool that empowers developers of GenAI applications to evaluate and enhance the resilience and safety of their system prompts in a user-friendly way.
Read more
View all