System and method of fraud and misuse detection

DC CAFC

US 8,578,500 B2
Filed: 03/19/2007
Issued: 11/05/2013
Est. Priority Date: 05/31/2005
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of detecting improper access of a patient'"'"'s protected health information (PHI) in a computer environment, the method comprising:

generating a rule for monitoring audit log data representing at least one of transactions or activities that are executed in the computer environment, which are associated with the patient'"'"'s PHI, the rule comprising at least one criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, that is indicative of improper access of the patient'"'"'s PHI by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient'"'"'s PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient'"'"'s PHI;

applying the rule to the audit log data to determine if an event has occurred, the event occurring if the at least one criterion has been met;

storing, in a memory, a hit if the event has occurred; and

providing notification if the event has occurred.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.

99 Citations

View as Search Results

17 Claims

1. A method of detecting improper access of a patient'"'"'s protected health information (PHI) in a computer environment, the method comprising:
- generating a rule for monitoring audit log data representing at least one of transactions or activities that are executed in the computer environment, which are associated with the patient'"'"'s PHI, the rule comprising at least one criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, that is indicative of improper access of the patient'"'"'s PHI by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient'"'"'s PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient'"'"'s PHI;
  
  applying the rule to the audit log data to determine if an event has occurred, the event occurring if the at least one criterion has been met;
  
  storing, in a memory, a hit if the event has occurred; and
  
  providing notification if the event has occurred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - normalizing the audit log data to be correlated with known fields based on template information.
  - 3. The method of claim 1, further comprising:
    - obtaining role information of the authorized user; and
      
      wherein the generated rule is based on a user'"'"'s specific role.
  - 4. The method of claim 1, wherein application of the rule to the audit log data comprises determining a misuse of the patient'"'"'s PHI by tracking access by the authorized user of patient'"'"'s PHI of another person.
  - 5. The method of claim 4, wherein the access tracked comprises access by the authorized user in excess of a specific volume of the patient'"'"'s PHI of the another person.
  - 6. The method of claim 5, wherein the access tracked further comprises access over a predetermined time interval.
  - 7. The method of claim 4, wherein the criterion related to the audit log data comprises a relation between the authorized user and the another person sufficient to detect at least one of family member snooping, VIP snooping, co-worker snooping, whole other family snooping.
  - 8. The method of claim 1, further comprising:
    - accessing at least one of select patient'"'"'s PHI or select user data; and
      
      applying the rule further comprises applying the rule to at least one of the select patient'"'"'s PHI or the select user data.
  - 9. The method of claim 8, wherein applying the rule to the audit log data and the select patient'"'"'s PHI comprises analysis of criteria including access by the authorized user of patient'"'"'s PHI of the another person who was discharged from a medical facility more than a specified time period in the past.
  - 10. The method of claim 8, wherein applying the rule to the audit log data and the select user data comprises tracking access by the authorized user of patient'"'"'s PHI of the another person, where the authorized user is a remote physician staff member and the another person is a patient not under the care of the physician for whom the authorized user is a staff member.
  - 11. The method of claim 8, wherein applying the rule to the audit log data and the select user data comprises tracking access by the authorized user of patient'"'"'s PHI of the another person during a timeframe outside the normal work shift of the authorized user.

12. A system for detecting improper access of a patient'"'"'s protected health information (PHI) in a health-care system computer environment, the system comprising:
- a user interface for selection of at least one criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, representing at least one of transactions or activities associated with the patient'"'"'s PHI that is indicative of improper access of the patient'"'"'s PHI within the health-care system computer environment by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient'"'"'s PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient'"'"'s PHI, and for selection of a schedule for application of a rule for monitoring audit log data representing at least one of the transactions or the activities;
  
  a microprocessor in communication with the user interface and having access to the audit log data representing the transactions or the activities of the patient'"'"'s PHI, the microprocessor generating the rule based at least in part on the at least one criterion selected and applying the rule to the audit log data according to the schedule selected in order to determine if an event has occurred,wherein the event occurs if the at least one criterion has been met,wherein the microprocessor stores a hit if the event has occurred, andwherein the microprocessor provides notification if the event has occurred.
- View Dependent Claims (13)
- - 13. The system of claim 12, wherein application of the rule to the audit log data comprises determining a misuse of the patient'"'"'s PHI by tracking access by the authorized user of patient'"'"'s PHI of another person.

14. A non-transitory computer-readable medium with computer-executable instructions embodied thereon for performing a method of detecting improper access of a patient'"'"'s protected health information (PHI) in a health-care system computing environment, the method comprising:
- providing a selection of a criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, representing at least one of transactions or activities associated with the patient'"'"'s PHI within the health-care system computing environment, wherein the criterion is indicative of improper access of the patient'"'"'s PHI by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient'"'"'s PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient'"'"'s PHI;
  
  generating a rule based at least in part on the criterion for monitoring the at least one of the transactions or the activities;
  
  providing a selection for a schedule for application of the rule to the at least one of the transactions or the activities;
  
  applying the rule according to the schedule selected to the at least one of the transactions or the activities to determine if an event has occurred, the event occurring if the criterion has been met;
  
  storing a hit if the event has occurred; and
  
  providing notification if the event has occurred.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer-readable medium of claim 14, wherein the providing the criterion is indicative of fraudulent claims filed by the authorized user of the health-care system computing environment with authorized access to the patient'"'"'s PHI.
  - 16. The non-transitory computer-readable medium of claim 14, wherein application of the rule to the audit log data comprises determining a misuse of the patient'"'"'s PHI by tracking access by the authorized user of patient'"'"'s PHI of another person.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the access tracked comprises access by the authorized user to a predetermined number of patient'"'"'s PHI of the another person.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Fairwarning IP LLC
Original Assignee
Kurt James Long
Inventors
Long, Kurt James
Primary Examiner(s)
LEWIS, LISA C

Application Number

US11/687,864
Publication Number

US 20070220604A1
Time in Patent Office

2,423 Days
Field of Search

726/22, 726/26
US Class Current

726/26
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

G06F 2221/034   Test or assess a computer o...

G06Q 10/06   Resources, workflows, human...

G06Q 10/0635   Risk analysis of enterprise...

Y02A 90/10   Information and communicati...

System and method of fraud and misuse detection

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

99 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method of fraud and misuse detection

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others