Written by Karen Pursch, Director, Patient Privacy Solutions
We all remember in 2005 when Amazon started tracking customer habits, and built sophisticated tools to recommend more purchases and direct your searches toward products it thinks you’re most likely to want.
That's the use case I think about when the subject of behavioral analysis comes up. The more the software can learn about the person, their demographics, their buying and web-browsing habits, the better Amazon can sell products to them.
In healthcare, specifically patient privacy monitoring and breach detection, those same behavioral principles can be applied to find suspicious or inappropriate behavior. The more we know about the behavior and role of the user — their schedule, their facility, their departments (surgical ward, outpatient clinic, emergency room, critical care…), number of patients they work with during their shift, and so on — the better we can find patterns as they begin to emerge.
That is what we are doing with Haystack Patient Privacy Monitoring. With user-based behavioral analysis, we learn and analyze users within roles to identify patterns.
A simple example is a caregiver that has been grouped into the “nurse” role. This nurse works an 8-5 shift, works in the “Baystate” hospital, typically has 30 patient accesses during the work shift, and works with patients in critical care. We know this because we have been learning about this user over time, and the typical patterns of that role. If we see a jump in user/patient accesses, for example, 60 in one day, or see many accesses outside of the critical care unit, we can then flag these events and put them in a worklist to be further investigated by the privacy auditor.
During the investigation, the analysis is represented to see accesses that are outliers, and see those behaviors that are outside the normal baseline.
At iatricSystems, we want to make sure emerging technology does everything to help the productivity of the auditor. We use smarter algorithms with automated worklists that let the patient privacy auditor know what are the top events to investigate. And with role-based behavioral analysis, the investigations are comprehensive, allowing you to see patterns that might otherwise be hidden.
Contact me for more information.
