Monitoring access to patient records: Ommelander Hospital Groningen safeguards patient privacy with Logspect

Patients should be able to trust that their medical records are in safe and trusted hands with their health care provider. The Ommelander Hospital Groningen (hereinafter: Ommelander Hospital), where patient privacy is central, shares this view. The hospital ensures careful handling of patients' personal data, and for that reason it uses our application Logspect.

Logspect systematically analyzes the log files of the electronic patient record and checks whether all accesses have been carried out lawfully. In this way Logspect helps the hospital to keep a grip on data access and to identify possible misuse at an early stage. With Logspect, the Ommelander Hospital is taking an important step towards honest and safe care. 

Legal obligation NEN 7510 and NEN 7513

The NEN 7510 legally obliges healthcare institutions to systematically check the log data of patient records. The additional NEN 7513 standard provides further details on logging. Because the monitoring involves a lot of data, the Ommelander Hospital has chosen to use Logspect for systematic, automated monitoring. Previously, spot checks were done through labor-intensive research. This approach had several disadvantages, according to Gezinus Bovenhuis (Data Protection Officer) and Nienke Nieland (lawyer): 

  1. Employees had to manually export data from the electronic health record (EHR), the scheduling package and the HR system. These sample exports, which comprised about 10,000 lines each month, then had to be manually merged and compared. This process was not only time-consuming but also error-prone.

  2. With this procedure, the Ommelander Hospital did not fully comply with the requirements of the NEN 7510, which states that log data must be systematically checked. Checks were not risk-based. The checks took place with a one-month delay, making it difficult to determine the reason for accessing a patient's file. 

Logspect as a solution 

The disadvantages of the old way of working caused the Ommelander Hospital to look for a solution. The organization set a number of criteria for this: systematic control, user-friendliness and compatibility with existing systems (EHR, scheduling package, HR system). The choice fell on Logspect, a proven solution already successfully deployed at Martini Hospital.

How does Logspect work? 
Logspect analyzes patient record log data for illegitimate patterns and anomalies. Which patterns are illegitimate is determined by the user by setting up rules. Attributes such as location, patient specialty, workplace and employee function are recorded. Anomalies (strikingly different values) are found by Logspect itself, based on statistical calculations.

1. Setting rules 
The user can set up rules that may indicate record accesses without a treatment relationship. For example, the user can choose to compare values with each other.

Examples: the patient's specialty differs from the employee's authorization or function; the patient's location differs from the employee's workplace; the time of care in relation to the time of access.

2. Strikingly anomalous values 
Strikingly anomalous values are values in the log data that contrast with the authorization setup. Logspect detects these values and reports them to the user.

Example: On average, a file is requested five times a week. If a file is requested forty times in one week, this contrasts with the normal pattern. Logspect detects this as an anomaly. 
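The two kinds of check described above, as an added example that is not Logspect's code and not part of the original page. The field names, the 30-day threshold and the median-plus-MAD test are assumptions; the page only says that anomalies are found "based on statistical calculations".

```python
from statistics import median

MAX_DAYS_AFTER_CARE = 30  # assumed threshold, not from the page

# User-defined rules comparing employee and patient attributes
# (all field names are hypothetical).
RULES = {
    "specialty_mismatch": lambda r: r["emp_specialty"] != r["pat_specialty"],
    "location_mismatch": lambda r: r["emp_location"] != r["pat_location"],
    "access_long_after_care": lambda r: r["days_since_care"] > MAX_DAYS_AFTER_CARE,
}

def apply_rules(rows):
    """Return (access_id, [names of rules that fired]) for each flagged access."""
    flagged = []
    for row in rows:
        fired = [name for name, rule in RULES.items() if rule(row)]
        if fired:
            flagged.append((row["id"], fired))
    return flagged

def weekly_anomalies(counts_per_file, k=5.0):
    """Flag (file, week, count) where count > median + k * MAD of that file's weekly counts."""
    flagged = []
    for file_id, counts in counts_per_file.items():
        med = median(counts)
        # MAD is not inflated by the outlier itself; use 1.0 when the history is flat.
        mad = median([abs(c - med) for c in counts]) or 1.0
        flagged += [(file_id, week, c) for week, c in enumerate(counts, 1)
                    if c > med + k * mad]
    return flagged

# Constructed sample data, not real log records.
ROWS = [
    {"id": 1, "emp_specialty": "cardiology", "pat_specialty": "cardiology",
     "emp_location": "site-1", "pat_location": "site-1", "days_since_care": 2},
    {"id": 2, "emp_specialty": "orthopedics", "pat_specialty": "cardiology",
     "emp_location": "site-1", "pat_location": "site-1", "days_since_care": 1},
    {"id": 3, "emp_specialty": "cardiology", "pat_specialty": "cardiology",
     "emp_location": "site-2", "pat_location": "site-1", "days_since_care": 90},
]
# Accesses per week for two files: about five a week, with one week of forty.
WEEKLY_COUNTS = {"file-A": [5, 4, 6, 5, 40, 5], "file-B": [5, 5, 5, 5, 5, 5]}

if __name__ == "__main__":
    for access_id, fired in apply_rules(ROWS):
        print(f"access {access_id}: {', '.join(fired)}")
    for file_id, week, count in weekly_anomalies(WEEKLY_COUNTS):
        print(f"{file_id}: {count} accesses in week {week}")
```

A rule hit or an anomaly is a lead for follow-up investigation, not proof of unlawful access: an employee covering for another department would trip the specialty rule legitimately.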

'Logspect provides all reports of unlawful patterns and anomalous values again in one clear dashboard. This enables us to take follow-up steps for further investigation,' says Nienke Nieland, legal counsel at Ommelander Hospital.

The result: more grip and confidence

'The quality of our monitoring has improved enormously,' says Gezinus Bovenhuis (Data Protection Officer at Ommelander Hospital). 'If an employee accesses files without the proper authorization, we see it now. Previously that could slip through the sample. Thanks to Logspect, our patients can be confident that their data is handled carefully and confidentially.'

With the deployment of Logspect, the Ommelander Hospital shows that it not only complies with laws and regulations, but also actively invests in the trust of its patients. By continuously and intelligently monitoring log data of patient records, privacy protection becomes more than an administrative burden: it becomes a standard part of professional care.

Do you have any questions about Logspect? Then feel free to contact Tjardo Douwstra.

We develop Logspect in cooperation with our partner Enlite.