Rebecca Herold, The Privacy Professor, has predicted 11 privacy and security trends to watch – and prevent – in 2018.
I think that #5, “Increased incidents of insiders selling patient data,” is likely a trend that we can prevent with regular monitoring of the audit logs of both our computer networks and our EMRs and other software and apps.
Rebecca predicts that “more insiders will take advantage of their access to valuable data because they know there are few logs of their access to catch them, or they see no one is reviewing the logs that do exist. All organizations need to establish access monitoring policies and procedures, and consistently enforce noncompliance.”
Audit logs can help you to monitor the activity of authorized and unauthorized users in your computer network and electronic medical record (EMR) and other software applications. Start by reviewing the audit logs “by exception.”
For example, if your clinic is open from 9-5, start by reviewing the audit log for user activity when the clinic is closed. Are there any users who consistently forget to log off? Or are there authorized users who are accessing the network remotely? Is this an acceptable use for these users?
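One way to run the “by exception” review described above is sketched here as an added example, not something from Rebecca's article or from any EMR vendor. The CSV column layout, the user names, the Monday to Friday week and the sample rows are all assumptions constructed for illustration, and rows are assumed to be in time order.

```python
import csv
from collections import defaultdict
from datetime import datetime, time
from io import StringIO

OPEN, CLOSE = time(9, 0), time(17, 0)   # clinic hours from the post (9-5)
WORKDAYS = range(0, 5)                  # assumption: open Monday to Friday

# Constructed sample export; the column layout is hypothetical, not a real EMR format.
SAMPLE_LOG = """timestamp,user,source,action
2018-01-08 09:00:00,reception1,local,login
2018-01-08 16:58:00,reception1,local,logout
2018-01-08 09:10:00,nurse2,local,login
2018-01-08 21:40:00,nurse2,local,view_chart
2018-01-09 23:15:00,drsmith,remote,login
2018-01-09 23:20:00,drsmith,remote,view_chart
2018-01-09 23:45:00,drsmith,remote,logout
2018-01-13 14:00:00,billing3,remote,view_chart
"""

def is_closed(ts):
    """True when the timestamp falls outside clinic hours or on a weekend."""
    return ts.weekday() not in WORKDAYS or not (OPEN <= ts.time() < CLOSE)

def review_by_exception(log_text):
    """Per user: after-hours events, how many were remote, and an unclosed session."""
    findings = defaultdict(lambda: {"after_hours": 0, "remote": 0, "no_logout": False})
    open_sessions = set()
    for row in csv.DictReader(StringIO(log_text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        user = row["user"]
        if row["action"] == "login":
            open_sessions.add(user)
        elif row["action"] == "logout":
            open_sessions.discard(user)
        if is_closed(ts):
            findings[user]["after_hours"] += 1
            if row["source"] == "remote":
                findings[user]["remote"] += 1
    for user in open_sessions:          # logged in but never logged off
        if user in findings:
            findings[user]["no_logout"] = True
    return dict(findings)

if __name__ == "__main__":
    for user, f in sorted(review_by_exception(SAMPLE_LOG).items()):
        print(user, f)
```

Users who only work inside clinic hours do not appear in the result, so the output is the short list to follow up on and record in your journal or checklist.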
When was the last time that you viewed your audit logs?
You should review the audit logs regularly and keep a journal or checklist of your regular security actions to document your good practices. When you spot potential problems, record the corrective actions that you take to follow up.
When you have a managed computer network service provider, monitoring computer network traffic may be included in your service package. Remember, you can delegate but you can't abdicate. Your computer network service provider may be able to identify intrusion attempts, but you need to review the audit logs regularly to determine if authorized users are using their permissions to properly follow the privacy principles – the least amount of information, on a need-to-know basis.
Rebecca Herold is President of SIMBUS LLC, a cloud-based privacy and security firm, and also CEO of The Privacy Professor. See Rebecca's article here: https://www.healthcareinfosecurity.com/blogs/health-data-privacy-security-what-will-2018-bring-p-2578