July 27, 2016

Five Components of a Proactive Patient Privacy Analytics Platform

Kira Caban

As more healthcare organizations switch from paper to electronic health records (EHRs), the ability of those organizations to secure electronic records becomes more and more important. And with threats becoming increasingly common and costly, healthcare organizations need to carefully consider how they are going to prevent security breaches and what key components are necessary in a security platform in order to counter attempts to steal their patients’ health data.

Research and recent events indicate that the best way to prevent security breaches is a proactive patient privacy analytics platform that includes these five must-have components for keeping patient data safe:

  1. Detect Threats to Patient Data
  2. Elevate True Threats - Not False Positives
  3. Analyze for Immediate Action
  4. Assess and Collaborate
  5. Learn and Adapt

Detect Threats to Patient Data

The first step in preventing illegitimate access to electronic health records (EHRs) is, of course, to detect any possible threats. In order to detect these threats, an analytics platform needs to monitor EHRs 24/7. Research suggests that insider attacks are some of the most dangerous threats to EHRs. Whether those attacks are the result of malicious actors or simple negligence, “many significant data breaches are ultimately an ‘inside job.’” An analytics platform must, therefore, monitor each and every user for illegitimate access, and it must also understand the complexities of healthcare organizations so that it can detect anomalies and identify them as threats.

Elevate True Threats - Not False Positives

Once a threat has been identified, the next step is to elevate it to security officials so they can handle it effectively. The use of artificial intelligence is key here; if an analytics platform is elevating false positives, security officials have to sift through a host of potential threats in order to find the actual ones, and this wastes precious time, time that could be spent eliminating real threats. An accurate analytics platform gives security officers the assurance that the threats being elevated to them are ones that require action.

[Video: Robert Lord of Protenus talks about the next generation of threats]

Analyze for Immediate Action

Once a threat has been identified and security officers have been alerted, an analytics platform must also provide the tools to quickly analyze that threat. It has been estimated that it can take up to 200 days to identify an insider threat. And if a breach does occur, the results can be devastating. In 2013, the Oregon Health & Science University (OHSU) suffered two instances in which over 7,000 patient records were breached. OHSU signed an agreement with the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) to pay $2.7 million and put a 3-year plan into action in order to ensure that any potential weaknesses in their security were addressed. Such breaches will also affect patient trust, and patients may decide to entrust their healthcare to another organization if they do not believe their records are being kept safe. In short, healthcare organizations cannot afford delays in detecting threats; they need an analytics platform that can identify and elevate a threat to security officers in minutes – not days – so they can react rapidly when a threat is identified.

Assess and Collaborate

A platform that uses artificial intelligence to create a report with natural-language explanations of incidents enables security officers to simply approve the report and send it on its way. Furthermore, there are many actors when it comes to protecting EHRs, including compliance, security, and privacy officers, and these officers must be able to collaborate. Security and privacy officers, in particular, need to work closely together. An article on the Touchstone Compliance website refers to these officers as the “Batman and Robin” of HIPAA Compliance. Only by collaborating can security and privacy officers ensure that EHRs are kept secure and accessed legitimately. Thus, supervisors must be able to review the work of their officers; the officers themselves must be able to track what their co-workers have done; and these features must all be seamlessly integrated into an analytics platform to allow security officers to do their job quickly and efficiently.

Learn and Adapt

Finally, an analytics platform needs to be able to learn and adapt. The threats facing healthcare organizations today are not the same ones they will be facing tomorrow as malicious actors change their tactics and try to exploit new weaknesses. Thus, an analytics platform must include machine learning so that it can incorporate lessons learned from past threats in order to fight future ones more effectively.

Only by combining threat detection, analysis, assessment, and collaboration with machine learning and an understanding of how healthcare organizations work will an analytics platform possess the ability to fight the threats of the future and protect a healthcare organization’s electronic health records. And by securing their EHRs, those organizations are protecting something far more important: the privacy of their patients.

See how one hospital used these five must-have components to select their proactive patient privacy analytics platform and achieve a more robust security posture.
