Healthcare IT News notes, "impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS."
They also note that systems' audit trails aid in catching those inappropriately accessing patient records. Unfortunately, although there are meaningful use audit log requirements, and the HIPAA Security Rule, HITECH Act and the Joint Commission have audit log and patient privacy requirements as well, for most organizations this hasn't translated into proactive detection of breaches. Why not?
"Impermissible uses and disclosures of protected health information remains the top compliance issue pertaining to HIPAA privacy and security breaches, according to data from HHS.."While it's true systems' audit logs hold information about access to protected health information (PHI), the reports that systems can generate, even from the latest EHRs, are unable to deliver a unified view across all clinical and business systems and discern which user access is work related and which is a patient privacy breach. Moreover, the volume of raw data in logs is overwhelming, making analytics the only method for uncover what matters among the data.
For proactive privacy breach detection an Identity and Access Intelligence (IAI) approach is needed. IAI, offered as low-cost on-demand SaaS analytics services, includes behavioral analytics to deliver complete details on all users and patients.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Nosy employees? Follow the audit trail - www.HealthcareITnews.com, 11/05/2013