Healthcare privacy and data security

Following HIPAA and HITECH mandates, create a full cross-application audit trail of end-user access to protected health information, detect unauthorized user behavior in real-time, and replay interactions when needed to help detect and prevent fraud.

The Challenge

Healthcare organizations around the world are facing a growing threat to their assets and brand from within—their own management and employees. Suspicious behavior committed by knowledgeable and capable employees who utilize their knowledge of IT systems and controls to manipulate internal systems can cause much greater damage than third parties. In addition, HIPAA and other privacy regulations require a full audit trail of access to patients' data. Mechanisms that track changes to corporate databases are not sufficient, as they typically track update transactions but do not capture critical “read-only” access to data.

Our Solution

Bottomline privacy and data security for healthcare provides the next layer of defense against data leakage, theft, employee snooping, and exposure of VIP health records. The solution enhances the control you have over HIPAA compliance by reducing the risk of human failure to adhere to critically important policies and procedures. The solution is designed to identify and track employee snooping by monitoring each action a user makes, comparing those actions to a set of predefined rules, and using advanced analytics. When an employee action or pattern of actions is defined by the rules as suspicious, an alert is created for compliance officers to review and investigate. Because the system monitors real-time actions as well as historical data, it can flag a variety of different schemes while helping to reduce false positives by learning a user’s typical routine. The solution is ONC Certified HIT 2014 Edition.

Infographic

Patient Privacy Protection: How to Avoid Alert Overload

eBook

Stop Internal Patient Privacy Threats: Four Cases of Potential Internal Threats

White Paper

Shine a Light on the Unknown: Accurately Profiling Patient Privacy Risk in Healthcare

Benefits

  • Quickly benefit with no time-consuming integration with the organization’s systems and no application-related configurations.
  • Capture all user activity, allowing internal auditors to perform thorough investigations with complete visual replay.
  • Comply with HIPAA and other regulations by generating a detailed cross-platform audit trail of any access to protected health information including read-only queries.
  • Immediately search for all user screens in which specific values appeared during a specific time frame in any application across any platform in the enterprise.
  • Protect the healthcare organization and market value from damage caused by bad publicity following cases of information leakage and identity theft.
  • Reduce internal fraud losses by detecting fraud and other malicious activity in real-time.
  • Enforce corporate security policies by detecting security breaches and exceptions.

Functionality

  • As the system monitors employee behavior, profiles are built for each user which can be used to determine if actions are potentially suspicious or part of their normal job. Example: If one employee frequently works with VIP patients, you would not want alerts going off every time that employee accesses a VIP record. Instead, the system would learn that this is a false positive and add that to the user’s profile.
  • Profiling can also be used to identify suspicious behavior. Example: If a user normally looks at a few records a day but then begins viewing many different records, this could be flagged as suspicious activity for a compliance officer to investigate.
  • A set of proven rules for HIPAA/HITECH compliance comes pre-packaged with the solution. These rules leverage years of experience in fraud prevention as well as feedback received from healthcare organizations.
  • Bottomline provides new rules and rule updates that healthcare providers can implement to address the ever-changing tactics cyber criminals use.
  • All alerts generated by the system are displayed in the Investigation Center where they can be tracked and managed by compliance officers. Alerts contain all relevant information to help investigators make rapid decisions about alerts without forcing them to switch between applications.

All Bottomline data security and fraud prevention solutions incorporate Intellinx technology and use a common platform to capture, normalize, analyze, and act. With this platform all data is captured, normalized, encrypted, and signed—making it easy to analyze suspicious behavior over time and across applications, analyze and prevent new types of fraud, ensure compliance, and provide legally admissible forensic evidence. A common user interface for all types of compliance and fraud analysis maximizes productivity of network operators and fraud investigators. Learn more about the Bottomline Cyber Fraud and Risk Management platform.
