Patient records contain sensitive information that must remain private. Therefore, only those who have a treatment relationship with the patient are allowed to access a record. To control this, our parent company Enshore is developing Logspect in collaboration with the Martini Hospital. This application analyzes patient record logs to see whether all views were performed with the proper authorization.
Legal obligation NEN 7510
NEN 7510 legally requires healthcare institutions to audit the log data of patient records. Without specific software, however, it is not possible to do this for all records. NEN 7510 therefore states that the check may also be done manually on a random sample, a measure that seems to have been included only for lack of an automated alternative.
The IT department of the Martini Hospital thought critically about a solution: automatically analyzing the log files of all electronic patient records, as required by NEN 7510. Logspect makes this possible. Unlike sampling, this means that the privacy of each patient is better safeguarded.
How does Logspect work?
Logspect analyzes the log data of patient records for suspicious patterns and 'anomalies'. Which patterns are suspicious is configured by the user (by establishing rules). Anomalies (strikingly anomalous values) are found by Logspect itself, based on statistical calculations.
1. Establish rules
The user can set up rules that may indicate suspicious patterns. For example, the user can choose to compare values with each other.
Example: the last name of the practitioner accessing a record matches that of the patient.
2. Strikingly anomalous values
Strikingly anomalous values are values in the log data that deviate from "normal". Logspect detects these values and reports them to the user.
Example: On average, a record is requested 5 times per week. If a record is requested 40 times in one week, this deviates from the normal pattern. Logspect detects this as an anomaly.
Through a dashboard, the user of Logspect receives notifications of the suspicious patterns and anomalies. These can be investigated further by viewing the practitioner and patient data. This data is displayed pseudonymized. This means that only the connection between the data is meaningful, but not the data itself. Thus, the data is secure and private, allowing the user to investigate the situation without bias.
If the user wants to identify the persons involved after their investigation, it is possible to trace the pseudonymized data back to the original data. This makes it possible to involve those individuals, should the situation call for it.
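The two detection steps and the pseudonymized reporting described above can be sketched as follows. This is an added example, not Logspect's own code: the log layout, the keyed-hash pseudonyms, the median baseline, the 3x threshold and all names are assumptions, and the log rows are constructed.

```python
import hashlib
import hmac
from collections import Counter, defaultdict
from statistics import median

KEY = b"constructed-demo-key"  # assumption: secret kept away from the analyst
THRESHOLD = 3.0                # assumption: flag weeks above 3x the record's median

def pseudonymize(value, lookup):
    """Keyed hash: equal values stay linkable; lookup permits authorized tracing back."""
    token = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()[:12]
    lookup[token] = value
    return token

def build_sample_log():
    """Constructed rows: (week, practitioner id, practitioner surname, patient surname, record)."""
    rows = []
    for week in range(1, 9):
        views = 40 if week == 8 else 5  # the page's example: 5 per week, then 40
        rows += [(week, "dr-012", "Visser", "Bakker", "rec-1001")] * views
    rows.append((3, "dr-044", "Jansen", "Jansen", "rec-2002"))  # matching surnames
    return rows

def analyze(rows):
    """Return (findings, lookup); findings are (kind, record token, week, detail)."""
    lookup, findings = {}, []
    weekly = defaultdict(Counter)
    for week, prac, prac_name, pat_name, record in rows:
        weekly[record][week] += 1
        # Step 1, user-defined rule: practitioner surname equals patient surname.
        if prac_name.casefold() == pat_name.casefold():
            findings.append(("surname_match", pseudonymize(record, lookup),
                             week, pseudonymize(prac, lookup)))
    # Step 2, anomaly: a week whose view count far exceeds the record's own median.
    for record, counts in weekly.items():
        if len(counts) < 4:  # too little history for a baseline
            continue
        base = median(counts.values())
        for week, n in sorted(counts.items()):
            if n > THRESHOLD * base:
                findings.append(("volume_anomaly", pseudonymize(record, lookup), week, n))
    return findings, lookup

if __name__ == "__main__":
    results, _ = analyze(build_sample_log())
    for finding in results:
        print(finding)  # only pseudonyms appear in the report
```

The `lookup` table is what allows a finding to be traced back to the original data, so in practice it would be stored separately from the findings and opened only when the investigation calls for it.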
Improved privacy and processes
Logspect quickly proved itself by producing valuable insights. Already in the testing phase, findings surfaced that matched the established rules and anomalies. This not only provided insights that could be used to improve patient privacy in the future, but also improved processes. In fact, Logspect also reported accesses that were found to be legitimate upon further investigation, but for which the practitioner could not log properly. With these insights, the authorization process to access the EHR was optimized.
Deploy Logspect in your organization? Schedule a demo or visit nestor-security.co.uk/tools/logspect