PaDent Privacy Monitoring with Splunk

Transcription

1 Copyright 2015 Splunk Inc. PaDent Privacy Monitoring with Splunk Davin Studer Systems Analyst, The Vancouver Clinic

2 Disclaimer During the course of this presentadon, we may make forward looking statements regarding future events or the expected performance of the company. We caudon you that such statements reflect our current expectadons and esdmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward- looking statements made in the this presentadon are being made as of the Dme and date of its live presentadon. If reviewed aqer its live presentadon, this presentadon may not contain current or accurate informadon. We do not assume any obligadon to update any forward looking statements we may make. In addidon, any informadon about our roadmap outlines our general product direcdon and is subject to change at any Dme without nodce. It is for informadonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligadon either to develop the features or funcdonality described or to include any such feature or funcdonality in a future release. 2

3 The Vancouver Clinic Serving Southwest Washington since 1939 Locally owned and governed Comprehensive and high quality padent care My role as a Systems Analyst IntegraDon of medical systems Improvement of business processes IntroducDon 3

4 Agenda Who should be interested in padent privacy monitoring? Why is padent privacy monitoring Important? What are some of the opdons? How has The Vancouver Clinic approached privacy monitoring? Takeaways 4

5 Who should be interested in padent privacy monitoring? 5

6 Everyone! HIPAA (Health Insurance Portability and Accountability Act) HITECH Act (Health InformaDon Technology for Economic and Clinical Health) Other state/federal reguladons Risk of idendty theq Exposure of sensidve personal data 6

7 Why is padent privacy monitoring important? 7

8 Because the Consequences Are Very Costly 8

9 What are some of the opdons? 9

10 The Bad, The Worse and the Ugly Third- party vendors TradiDonal repordng tools Canned applicadon reports % of charts resembling Pac- Man % of charts not resembling Pac- Man Expensive Requires a dedicated report wridng team You sdll do 80-90% of Steep learning curve the work Expensive plaforms At the mercy of the vendor s Dme table 10 Siloed reports per applicadon Reports you want may not exist or can t be run Limited repordng capabilides

11 or the Good! One interface to search them all Easy to get the data in Searches can be created quickly VersaDle 11

12 The Vancouver Clinic s approach to privacy monitoring 12

13 Timeline of Events 2010 Splunk for IT monitoring Jan Apr 2013 Evaluated privacy monitoring vendors May 2013 Switched to Splunk Server & workstadon logs Network infrastructure ApplicaDon logs Steep upfront and on- going costs Many billed as turn- key soludons, but were not Timelines to compledon were too high We would sdll be doing 80-90% of the work! 13 Data in Splunk within two weeks MulDple reports with real data Ability to produce reports that many vendors could not provide

14 Process Overview EMR Report Reviewer(s) Daily ETL Process ReporDng DB Rolling 30 days Access Logs Geocoded Addresses HR System AcDve Directory Dashboards and Reports SQL scripts 14

15 ImplementaDon HR System Employee ID Join HRIS_AD EMPLOYEE_ID USER_NAME FIRST_NAME LAST_NAME BIRTH_DATE GENDER ADDRESS CITY STATE ZIP_CODE AcDve Directory EMR_USER EMR_USER_ID NAME USER_NAME EMR_ACCESS_LOG EMR_USER_ID PATIENT_ID ADDRESS_GEOCODE ADDRESS CITY STATE ZIP_CODE LATITUDE LONGITUDE EMR_PATIENT PATIENT_ID FIRST_NAME LAST_NAME BIRTH_DATE GENDER ADDRESS CITY STATE ZIP_CODE Daily Geocoding Process 15

16 Reports Employee viewing: VIP Self Neighbor - Offline geocoded all employee and padent addresses - htp:// PaDent at same address Employee - Employee viewing manager - Manager viewing direct report - Employee viewing co- worker 16

17 Snapshot View of All Reports 17

18 Deep Dive InvesDgaDon 18

19 Lessons Learned Key/Value data is much easier to index (ex. key1= value key2= value ) If your data is in a database by all means use DB Connect Work closely with the compliance team to determine the requirements You must start with security in mind as there is PHI involved 19

20 Takeaways Splunk helps us fulfill HIPAA and HITECH requirements for privacy monitoring Saved over $50K + $12K yearly Easy to implement Flexibility to add reports and data sources 20

21 Contact Info: Davin Studer 21

22 QuesDons? 22

23 THANK YOU