EMPLOYEE SNOOPING

Patient privacy breaches are an all too common occurrence in today's healthcare environment. One specific breach type is categorized as "snooping," a case in which an employee has violated federal law by viewing patient records they were not authorized to access. SPHER maintains detectors that examine the daily activity of each credentialed user and look for the anomalies typically associated with an employee looking at the medical record of a family member, relative, neighbor or co-worker. In 90% of our "Go-Live" activities, SPHER will identify multiple instances of employees looking at medical records where they had no workflow-related reason for the access. As a result of an OCR investigation, any CE/BA can be fined up to $1.5 million per HIPAA snooping violation in the case of willful neglect, in addition to individual lawsuits which may result from the breach notification process.


TIME OF ACCESS


Records Per Hour

In the event of a large volume of medical records being accessed and exfiltrated from a healthcare facility system, the covered entity would want to be alerted to the incident. SPHER creates a behavioral map of each user's record access profile, looking for instances when the volume of records accessed is outside the user's normal pattern and thus indicative of potential malfeasance and a breach. Whether it's accessing 1500 records to email to someone outside of the workflow process, or attempting to access and print thousands of medical records which could then be passed on to someone for use in tax fraud or an identity theft scenario, SPHER is constantly monitoring the user's access to the records and alerting the Privacy Officer to the incident in a timely manner consistent with State and Federal breach reporting laws and regulations.
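A sketch of the per-user volume baseline described above, as an added example (not SPHER's code or algorithm): it assumes an audit log of (user, timestamp, patient_id) events and flags any hour in which a user opens far more distinct records than their own history suggests. The median-plus-MAD threshold, the function names and every log entry are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

def hourly_counts(events):
    """events: iterable of (user, ISO timestamp, patient_id).
    Returns {user: {hour: number of distinct patient records opened}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for user, ts, patient_id in events:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        seen[user][hour].add(patient_id)
    return {u: {h: len(p) for h, p in hours.items()} for u, hours in seen.items()}

def volume_alerts(history, today, k=6.0, min_excess=20):
    """Compare each user's hourly volume today with that user's own baseline.
    Threshold = median + max(k * MAD, min_excess); k and min_excess are
    assumed tuning values, not figures from any product or regulation."""
    baseline = hourly_counts(history)
    alerts = []
    for user, hours in hourly_counts(today).items():
        # A user with no history gets a zero baseline, so only min_excess applies.
        past = list(baseline.get(user, {}).values()) or [0]
        med = median(past)
        mad = median(abs(c - med) for c in past)  # robust spread of past hours
        threshold = med + max(k * mad, min_excess)
        for hour, count in sorted(hours.items()):
            if count > threshold:
                alerts.append((user, hour.isoformat(), count, threshold))
    return alerts

def _burst(user, day, hour, n):
    # Constructed audit events: n distinct patient ids opened within one hour.
    return [(user, f"2024-03-{day:02d}T{hour:02d}:{i % 60:02d}:00", f"P{i}")
            for i in range(n)]

# Constructed history: a nurse opening 10-14 records per hour, a billing clerk 100-120.
HISTORY = [e for day, (a, b) in enumerate([(10, 100), (12, 110), (14, 120), (11, 105)], 1)
           for e in _burst("nurse_a", day, 9, a) + _burst("billing_b", day, 9, b)]
# Constructed "today": the nurse opens 1500 records at 22:00, the clerk a routine 115.
TODAY = _burst("nurse_a", 5, 22, 1500) + _burst("billing_b", 5, 9, 115)

if __name__ == "__main__":
    for alert in volume_alerts(HISTORY, TODAY):
        print(alert)
```

Because the baseline is per user, the clerk's 115 records in an hour is routine while a much smaller number from the nurse would already alert.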