HEALTHCARE PRIVACY BREACH PREVENTION THROUGH INTEGRATED AUDIT AND ACCESS CONTROL
First Claim
1. A computer-implemented method for compliance with a privacy requirement, the method comprising:
- analyzing, using one or more processors, an access log related to a history of users accessing records;
deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users;
deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs;
generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and
deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method for compliance with a privacy requirement. The method comprises analyzing, using one or more processors, an access log related to a history of users accessing records; deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users; and deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs. The method further comprises generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs.
30 Citations
22 Claims
-
1. A computer-implemented method for compliance with a privacy requirement, the method comprising:
-
analyzing, using one or more processors, an access log related to a history of users accessing records; deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users; deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs; generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for compliance with a privacy requirement, the system comprising:
-
a mapper module configured to analyze an access log related to a history of users accessing records, to derive a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users, and to derive a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs; a reducer module configured to generate a reduced log including a plurality of reduced records comprising a mapped role-access pair; and an analyzer module configured to derive statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A non-transitory computer-readable medium storing a computer program, wherein the computer program, when executed by one or more processors, causes the one or more processors to perform a method for compliance with a privacy requirement, the method comprising:
-
analyzing, using one or more processors, an access log related to a history of users accessing records; deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users; deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs; generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs.
-
Specification