System and method of fraud and misuse detection
Abstract
A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.
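The rule, hit and notification flow described in the abstract, as an added example (not code from the patent or its assignee). The log schema, field names, thresholds and sample records are constructed, and treating a rule's criteria as jointly required, counted per user and patient, is an assumption of this sketch.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Constructed audit log records: (timestamp, user, patient_id, action).
AUDIT_LOG = [
    ("2024-03-01T09:05:00", "nurse_a", "P100", "view"),
    ("2024-03-01T09:07:00", "nurse_a", "P101", "view"),
    ("2024-03-01T23:40:00", "clerk_b", "P100", "view"),
    ("2024-03-01T23:41:00", "clerk_b", "P100", "view"),
    ("2024-03-01T23:43:00", "clerk_b", "P100", "print"),
    ("2024-03-02T02:15:00", "dr_c", "P200", "view"),
]

@dataclass
class Rule:
    name: str
    max_accesses: Optional[int] = None  # volume criterion, per (user, patient)
    window: Optional[tuple] = None      # time-interval criterion (start, end); may wrap midnight
    user: Optional[str] = None          # specific-user criterion

def in_window(t, window):
    start, end = window
    return start <= t < end if start <= end else (t >= start or t < end)

def apply_rule(rule, log):
    """Return one hit per (user, patient) pair whose accesses meet every criterion set on the rule."""
    counts = Counter()
    for ts, user, patient, _action in log:
        t = datetime.fromisoformat(ts).time()
        if rule.user in (None, user) and (rule.window is None or in_window(t, rule.window)):
            counts[(user, patient)] += 1
    return [{"rule": rule.name, "user": u, "patient": p, "count": n}
            for (u, p), n in sorted(counts.items()) if n > (rule.max_accesses or 0)]

def run(rules, log, notify=print):
    hit_store = []                   # "a hit is stored if the event has occurred"
    for rule in rules:
        for hit in apply_rule(rule, log):
            hit_store.append(hit)
            notify(f"ALERT {hit}")   # "a notification can be provided"
    return hit_store                 # compilation of hits across the rules

RULES = [Rule("after-hours", window=(time(22, 0), time(6, 0))),
         Rule("volume", max_accesses=2), Rule("watch-user", user="dr_c")]

if __name__ == "__main__":
    run(RULES, AUDIT_LOG)
```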
17 Claims
1. A method of detecting improper access of a patient's protected health information (PHI) in a computer environment, the method comprising:
- generating a rule for monitoring audit log data representing at least one of transactions or activities that are executed in the computer environment, which are associated with the patient's PHI, the rule comprising at least one criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, that is indicative of improper access of the patient's PHI by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient's PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient's PHI;
- applying the rule to the audit log data to determine if an event has occurred, the event occurring if the at least one criterion has been met;
- storing, in a memory, a hit if the event has occurred; and
- providing notification if the event has occurred.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for detecting improper access of a patient's protected health information (PHI) in a health-care system computer environment, the system comprising:
- a user interface for selection of at least one criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, representing at least one of transactions or activities associated with the patient's PHI that is indicative of improper access of the patient's PHI within the health-care system computer environment by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient's PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient's PHI, and for selection of a schedule for application of a rule for monitoring audit log data representing at least one of the transactions or the activities;
- a microprocessor in communication with the user interface and having access to the audit log data representing the transactions or the activities of the patient's PHI, the microprocessor generating the rule based at least in part on the at least one criterion selected and applying the rule to the audit log data according to the schedule selected in order to determine if an event has occurred, wherein the event occurs if the at least one criterion has been met, wherein the microprocessor stores a hit if the event has occurred, and wherein the microprocessor provides notification if the event has occurred.

Dependent claims: 13
14. A non-transitory computer-readable medium with computer-executable instructions embodied thereon for performing a method of detecting improper access of a patient's protected health information (PHI) in a health-care system computing environment, the method comprising:
- providing a selection of a criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, representing at least one of transactions or activities associated with the patient's PHI within the health-care system computing environment, wherein the criterion is indicative of improper access of the patient's PHI by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient's PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient's PHI;
- generating a rule based at least in part on the criterion for monitoring the at least one of the transactions or the activities;
- providing a selection for a schedule for application of the rule to the at least one of the transactions or the activities;
- applying the rule according to the schedule selected to the at least one of the transactions or the activities to determine if an event has occurred, the event occurring if the criterion has been met;
- storing a hit if the event has occurred; and
- providing notification if the event has occurred.

Dependent claims: 15, 16, 17
Specification