We all know that as EMRs replace paper records, it is impossible to manually review millions of audit logs to check for potential patient privacy breaches. As a result, in the past, most organizations resorted to random audits. I want to believe that a majority of healthcare organizations are now using technology to automate the monitoring of these patient access logs.
In addition to using technology to automate monitoring, there is another dimension to patient privacy monitoring — doing everything possible to reduce the number of audits that need to be evaluated. It makes sense, right? You want to use monitoring technology to search and find that potential breach, but you also want to make sure that your auditors are spending time on the most likely cases of a patient privacy breach.
Our goal is to help you reduce the time it takes to audit by using a combination of four methods:
- Filter out “False Positives”
- Use analytics to apply weights to the audits, and rank by severity
- Use behavioral analytics to find inappropriate behavior by showing changes in activity/volumes from normal, established (baseline) levels
- Filter out known routines, users, and devices
“False positives” is a term that is often used when looking at reducing the amount of audits by eliminating those audit logs that we know to be appropriate. These are situations that occur between the user and patient that you know have a high percentage of being justifiable. For example: a care team member looks at a patient record when he or she is on duty, and is on the same floor as the patient. If we can flag these types of “False Positives," then there are fewer audits that require review. Security Audit Manager™ flags false positives by filtering out “known likely appropriate” events between a user and a patient — only the questionable access events remain.
We use analytics to find the most probable privacy violations using pre-built algorithms that apply weights to the audits, and then rank by severity. This ensures that the most likely cases of inappropriate access rise to the top. Prioritizing events by risk helps our customers focus on the accesses with the highest probability of being inappropriate. This helps organizations more easily protect patient data and achieve HIPAA and HITECH compliance.
Many of our customers want to see if users are doing something abnormal, and if there is a spike in their behavior. For example, a care team member typically accesses patient records 10-20 times during a daily work schedule. Healthcare organizations want to know if, for example, a user is accessing 100 patient records during a period of time. This could be insider snooping or, in more severe cases, a disgruntled employee. Or in a cyber security event, someone could be masking as that user and stealing patient information.
We also give the auditor the ability to use filtering to exclude known routines such as batch jobs or status board displays. We have extended this filtering to known users such as System and Script users, and known devices such as background jobs, instrument devices, and file servers. You can also filter in specific events to see instances where a user action may have only viewed, printed, or even downloaded a patient record.
All of these methods will increase auditors' productivity, and allow them to focus on those audits that require further investigation and have the highest risk of being inappropriate. This approach helps organizations more easily protect patient data and achieve HIPAA and HITECH compliance while protecting patient trust.
If you would like more information on this topic, please attend our upcoming webcast on March 15th at 2:00 p.m. ET, Preventing Privacy Breaches.