Blogs Home
Tuesday, December 19, 2017 2:00 PM

Security Audit Manager iQ™ Series: Machine Learning is Not Enough for Patient Privacy Monitoring

Written by Karen Pursch, Director, Patient Privacy Solutions


I recently read an article in Healthcare IT News, Myth busted: Machine learning software isn’t enough, and the title caught my eye.

Mac McMillan, CynergisTek CEO was quoted in the article, and brought up an interesting point of view about machine learning.

Machine learning software isn’t a new concept. CynergisTek CEO Mac McMillan said that it’s been used for decades to keep up with malware and has been introduced into anti-malware software. The technology relies on a set of known attributes and data and assumes the systems know these threats.

“With cybersecurity, that’s not a smart assumption,” McMillan said. “When you take the morphing nature of threats and new threats emerging like zero-day attacks — there’s no way for a system to learn what those attacks would look like. To rely solely on machine learning for security is just naïve.”

The reason I was interested in this article is because at Iatric Systems we are coming out with a new release of our patient privacy monitoring software —  Security Audit Manager iQ™. Our intention for the product will be to do everything possible to enhance the productivity of the patient privacy auditor.

If you are patient privacy professional and reading this blog, you’ll understand that part of your program relies on handling complaints and investigating specific patient accesses. All of the behavioral analysis and machine learning will not replace this type of investigation. That is why at Iatric Systems we use a layered-approach to find inappropriate behavior.

We do not solely rely on machine learning to find inappropriate behavior. We are using a comprehensive methodology that includes signature-based auditing and role-based behavioral analysis, and will apply machine learning where needed to provide feedback for the system to get smarter.

In the world of patient privacy monitoring, our signature-based auditing consists of smart algorithms to find specific user/patient patterns. We have learned these patterns from working with our customers over time. We have also assigned weights to these algorithms so that auditors can investigate those user/patient accesses that are most likely inappropriate.

Where machine learning comes into play is for Security Audit Manager iQ to learn what happened to that specific user/patient access after the investigation occurred and apply those findings to those algorithms the next time it occurs.

The benefit is all about productivity gains and raising audit accuracy. Using this approach, over time, the auditor will be reducing the number of investigations that are false positive, and thus will investigate only those incidents that have the higher probability of being inappropriate.

Learn more and watch this second video in our series providing insights into the evolution of Security Audit Manager™, the Best in KLAS patient privacy monitoring and breach protection software. If you missed the first video, view it here and watch for the next one coming soon.