Do you work at a hospital or large healthcare facility? I included this article because we keep hearing about celebrity files being looked at by healthcare workers who are curious but not involved in the patient’s care.
Word to the wise: audit trails are up and running, and if you work in a healthcare facility, chances are your steps are being tracked. If you decide to get curious and look into records outside of the patients you are working with, the audit trails tell all. Best bet: don’t get curious, make the news and put your position in jeopardy. You are being tracked, and the reports will come back and show who was doing what, when, and how. This is from Dr. Halamka, CIO at Beth Israel Hospital/Harvard, on his blog this week. Also, the records are kept for 20 years, so there’s a lot of history building. Once reports are created, red flag alerts are readily made available, as anything outside the normal realm is immediately made visible. BD
At BIDMC and other Caregroup hospitals, auditing is a critical component of HIPAA compliance and ensuring patient privacy. We currently have 1 billion rows of audit data from 146 mission critical clinical applications. Our comprehensive audits of every clinical lookup yield 300,000 – 500,000 transactions per day. HIPAA requires an audit system to record who is looking up what, where and why. We need to keep these audit logs for 20 years.
We use a SQL Server Integration Services (SSIS) package every 15 minutes to fetch through the audit files and upload the data to the Central SQL Audit DB Repository.
Then, we use SQL Reports to query and view the audited data (i.e. who made this change, who modified a table, who inserted/updated/deleted a record).
Our next step is to process all audit data with SQL Server Analysis Services, create cubes to analyze the collected data, and build reports/alerts based on thresholds (e.g. on average there are 10,000 logins/day; an alert will be raised if we exceed the threshold).
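The threshold alerting described in that last step, as an added example (not code from Dr. Halamka or BIDMC): constructed audit rows are loaded into an in-memory SQLite table standing in for the central SQL Server repository, and days over a login threshold are flagged. The table schema, the small thresholds and the per-user distinct-patient check, which goes beyond the login example in the text, are assumptions for illustration.

```python
import sqlite3

# Constructed sample rows: (timestamp, user, application, action, patient_id).
# Schema and values are hypothetical, not the hospital's own.
SAMPLE_ROWS = [
    ("2024-03-01T08:00:00", "nurse_a", "ehr", "login", None),
    ("2024-03-01T08:05:00", "nurse_a", "ehr", "lookup", "P1"),
    ("2024-03-01T09:00:00", "clerk_b", "lab", "login", None),
    ("2024-03-02T08:00:00", "nurse_a", "ehr", "login", None),
    ("2024-03-02T08:01:00", "clerk_b", "lab", "login", None),
    ("2024-03-02T08:02:00", "clerk_b", "ehr", "login", None),
    ("2024-03-02T08:03:00", "clerk_b", "ehr", "lookup", "P1"),
    ("2024-03-02T08:04:00", "clerk_b", "ehr", "lookup", "P2"),
    ("2024-03-02T08:05:00", "clerk_b", "ehr", "lookup", "P3"),
]

def load_audit(rows):
    """Create the stand-in audit table and insert the given rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit "
               "(ts TEXT, user_id TEXT, app TEXT, action TEXT, patient_id TEXT)")
    db.executemany("INSERT INTO audit VALUES (?, ?, ?, ?, ?)", rows)
    return db

def login_alerts(db, max_logins_per_day):
    """Days whose total login count exceeds the fixed threshold."""
    return db.execute(
        """SELECT substr(ts, 1, 10) AS day, COUNT(*) AS logins
           FROM audit WHERE action = 'login'
           GROUP BY day HAVING COUNT(*) > ?
           ORDER BY day""",
        (max_logins_per_day,),
    ).fetchall()

def lookup_alerts(db, max_patients_per_user_day):
    """(day, user) pairs that viewed more distinct patients than the threshold."""
    return db.execute(
        """SELECT substr(ts, 1, 10) AS day, user_id,
                  COUNT(DISTINCT patient_id) AS patients
           FROM audit WHERE action = 'lookup'
           GROUP BY day, user_id HAVING COUNT(DISTINCT patient_id) > ?
           ORDER BY day, user_id""",
        (max_patients_per_user_day,),
    ).fetchall()

if __name__ == "__main__":
    db = load_audit(SAMPLE_ROWS)
    print("login alerts:", login_alerts(db, 2))
    print("lookup alerts:", lookup_alerts(db, 2))
```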