SPHER is the frontline defense against the day-to-day threat of patient privacy violations resulting from inappropriate access to Protected Health Information.
SPHER monitors user activity on your most sensitive clinical applications,identifying suspicious user behaviors and providing actionable intelligence to improve your security framework.
During Step 2 above, SPHER leverages pattern recognition algorithms to determine if there was suspicious behavior on the EHR. It does this by comparing past behaviors to behaviors in the audit log file SPHER is currently reviewing. For example, SPHER may have learned over the past months that an EHR user named John is typically active between 8 AM and 4 PM. In the current audit log file, SPHER notices that John was active on the EHR from 4 PM to 12 midnight which causes SPHER to send you an unusual time of access alert.
You log into your customized SPHER dashboard to investigate the incident (step 4 above). You review the incident description which says it’s for activity at an unusual time. You know that John’s shift recently changed from 8 PM to 4 AM. Going through the SPHER incident resolution process, you indicate that this behavior is Normal and Permitted. Based on this feedback, SPHER has now learned that this is normal EHR behavior for John and will not send an alert the next time it sees EHR activity for John during this new time span. As normal behavior on your EHR changes, SPHER learns and does not send false alerts for behaviors you’ve already indicated are normal.