In most of the Help Me With HIPAA podcasts, Donna and David tell you that technology cannot be the solution to everything. That may be true, but in Do you audit your EHR logs? – Ep 329, Ray Riddle, CEO of SPHER, has created a fantastic solution that can certainly save you time, make your life easier, and help you protect your patients’ privacy, all at the same time. That sounds like a win, win, win, right?!
We will get to the life-altering tool in just a minute. First, let’s talk about MICE. Do you have them and, if you do, how can you catch them? We are not talking about the cute little rodent that leaves little crumbs everywhere and gives you a heart attack when it runs out across your feet. This MICE is a term that the Information Systems Audit and Control Association (ISACA) published in a report called A Holistic Approach to Mitigating Harm from Insider Threats. They have a whole section on MICE (Money, Ideology, Coercion, Ego). MICE describes four motivations that can influence an employee to do bad things. Even if you have a great staff, things can happen in their lives that may make them vulnerable to bad actors. Think about your staff. Do you know if someone has overwhelming debt? The sort of debt that, short of winning the lottery, will take years to pay off? Do you know if an employee feels betrayed by the current political climate or a religious ideology? Do you know if someone has participated in something outside of work that they don’t want anyone to find out about and could be blackmailed to keep quiet? Is everyone on your staff happy? Do you know if someone is going through a bad breakup or divorce, or even being abused in some way at home? These are just some of the motivators that could turn a great employee into an insider threat to patients’ privacy and your business reputation.
Let’s keep in mind that an insider threat is not always a malicious threat. Insiders can also be a threat unintentionally: by misplacing a company laptop, by mistyping an email address and accidentally sending sensitive information to the wrong recipient, or even by simply making a mistake.
This is where SPHER comes in. SPHER’s tool provides an end-to-end privacy and security compliance analytics solution that detects potential unauthorized access to healthcare ePHI. SPHER monitors all your user activity and identifies suspicious user behaviors. Your business will get a report every 24 hours that takes about 10 minutes a day to review. If you are reviewing your access logs and doing it correctly, it is most likely taking you 7 to 8 hours per week. Listen to Do you audit your EHR logs? – Ep 329 and hear how SPHER alerted one company to the fact that a list of credentials had been stolen when the company did not even know it had been compromised. SPHER identified an unusual access and, within 24 hours, alerted the company, which was then able to take action.
SPHER is a great tool to help you identify unauthorized records access. It makes it easier for you to know who is accessing your ePHI and helps you protect patients’ privacy.
Don’t forget to check out the
September 12 – 15, 2022
at the Hyatt Regency in Louisville, KY