In collaboration with the Martini Hospital we have developed Logspect, an application that analyzes consultations of an electronic patient record (EHR). The goal is to better safeguard patient privacy.
Legal obligation: NEN 7510
Only personnel who have a treatment relationship with the patient are permitted to consult an EHR. NEN 7510 legally requires healthcare institutions to monitor this. This is not an easy task: without specific software, it is not possible to analyze thousands of log lines per day. This is why NEN 7510 states that checking may also be done manually and on a random basis, a measure that seems to have been included only for lack of a better alternative. The IT department of the Martini Hospital took a critical look at a solution: automatically analyzing all log files of electronic patient records, as prescribed by NEN 7510.
Fully automated analysis
With Logspect, we enable automated analysis of 100% of EHR consultations. Unlike random sampling, this means that the privacy of all patients can be better guaranteed. In addition, this meets the initial requirement of NEN 7510.
How it works
Logspect makes it possible to detect and investigate anomalies in log data. This involves examining whether the connection between the person viewing the patient record and the patient in question can be explained. If the access request cannot be explained, this is grounds for further investigation.
How does Logspect detect anomalies in log data?
Logspect analyzes patient record log data for anomalies. These anomalies can be detected in two ways:
1. User sets rules
The user can set up rules that indicate deviations. For example, the user can choose to compare values with each other.
Example: the last name of the staff member accessing a record matches that of the patient.
2. Striking values
Striking values are values in the log data that deviate from the "normal" pattern. Logspect detects these values and marks them as deviations.
Example: on average, a file is requested 5 times per week. If a file is requested 40 times in one week, this contrasts with the normal pattern. Logspect flags this as an anomaly.
Through a dashboard, the user of Logspect receives notifications of detected anomalies. These can be investigated further by viewing the data of the employee and patient involved. This data is displayed in pseudonymized form: only the connections between the data items are meaningful, not the data itself. The data is thereby protected and the user can analyze the situation without bias.
If the user wishes to investigate the situation further after analyzing an anomaly, it is possible to trace the pseudonymized data back to the original data. It is thus possible to identify the individuals involved, should the situation call for it.
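An added example, not Logspect's own code: a sketch of the two detection modes described above (a user-defined surname rule and a weekly access spike), producing pseudonymized alerts plus a lookup for re-identification. The log layout, the HMAC-based pseudonyms, the key and the 4x threshold are assumptions, and the sample rows are constructed.

```python
import hashlib
import hmac
from collections import Counter, defaultdict
from statistics import median

KEY = b"constructed-demo-key"  # assumption: keyed pseudonyms; a real key is stored separately
SPIKE_FACTOR = 4               # assumption: flag weeks at >= 4x the record's usual volume

def pseudonym(value, lookup):
    """Stable keyed pseudonym; `lookup` permits authorised re-identification."""
    token = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()[:10]
    lookup[token] = value
    return token

def build_log():
    """Constructed rows: (week, staff_id, staff_surname, patient_id, patient_surname)."""
    rows = []
    for week in range(1, 9):                    # 8 weeks of access to record P100
        views = 40 if week == 6 else 5          # week 6 mirrors the 5 -> 40 example
        rows += [(week, f"S{n % 3}", "Bakker", "P100", "Visser") for n in range(views)]
    rows.append((3, "S7", "Jansen", "P200", "jansen"))  # same surname, different casing
    return rows

def detect(rows):
    lookup, alerts = {}, []
    per_week = defaultdict(Counter)             # patient -> week -> access count
    for week, staff, s_name, patient, p_name in rows:
        per_week[patient][week] += 1
        # User-defined rule: staff surname equals patient surname
        if s_name.casefold() == p_name.casefold():
            alerts.append(("surname_match", week,
                           pseudonym(staff, lookup), pseudonym(patient, lookup)))
    # Striking values: a week far above the record's own normal pattern
    for patient, weeks in per_week.items():
        for week, count in sorted(weeks.items()):
            others = [c for w, c in weeks.items() if w != week]
            if others and count >= SPIKE_FACTOR * median(others):
                alerts.append(("access_spike", week, None, pseudonym(patient, lookup)))
    return alerts, lookup

if __name__ == "__main__":
    found, mapping = detect(build_log())
    for alert in found:
        print(alert)                            # alerts carry pseudonyms only
```

The spike check compares each week against the median of the record's other weeks, so the outlier week does not inflate its own baseline.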
Improved privacy and process optimization
Logspect has already proven itself in the testing phase. Analyzing the log data produced records that matched the established rules and records flagged as deviations. This provided insights not only for better safeguarding patient privacy in the future, but also for improving processes. In fact, some records were flagged as deviations where access to the patient record was found to be legitimate. For those situations, the authorization process for accessing an EHR was improved.
Using Logspect?
We offer Logspect through our partner Nestor Security. Working together, we implement the tool and make sure you can analyze your log data.