Healthcare privacy breach prevention through integrated audit and access control
First Claim
1. A non-transitory computer-readable medium for storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive an access log for a medical records database, the access log including information identifying occasions in which users access medical records in the medical records database;
map the access log for the medical records database to generate a mapped log, the mapped log comprising information identifying roles associated with the users, information identifying accesses of the medical records by the users, and user identifications, the mapped log including a plurality of mapped role-access pairs;
reduce the mapped log to generate a reduced log, the reduced log comprising role-access pair statistics associated with a mapped role-access pair of the plurality of mapped role-access pairs, the role-access pair statistics including an average access for a user associated with the mapped role-access pair, an identification of the user associated with the mapped role-access pair, and an access count associated with the user;
derive an updated access policy for the medical records database based on the reduced log, the updated access policy including a plurality of proposed role-access pairs;
proxy access, of client devices, to the medical records database according to the updated access policy;
assign the plurality of proposed role-access pairs to risk subsets, the risk subsets comprising:
underrepresented role-access pairs of the plurality of proposed role-access pairs,
underutilized role-access pairs of the plurality of proposed role-access pairs,
utilized role-access pairs of the plurality of proposed role-access pairs, and
unutilized role-access pairs of the plurality of proposed role-access pairs;
determine, based on sizes associated with the risk subsets, a level of compliance with a privacy requirement based on assigning the plurality of proposed role-access pairs to the risk subsets; and
provide the level of compliance.
Abstract
A computer-implemented method for compliance with a privacy requirement. The method comprises analyzing, using one or more processors, an access log related to a history of users accessing records; deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users; and deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs. The method further comprises generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs.
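The map/reduce pipeline the abstract describes, carried through to the risk subsets and compliance level of claim 1, as an added example that is not part of the patent: the access log, the thresholds (min_users, min_avg), the rules that place a pair in each risk subset, and the compliance metric are all assumptions of this example, since the claims name the subsets but fix no rule for them.

```python
from collections import defaultdict

# Constructed access log (not from the patent): (user_id, role, access).
ACCESS_LOG = [
    ("u1", "nurse", "read_chart"), ("u1", "nurse", "read_chart"),
    ("u2", "nurse", "read_chart"), ("u2", "nurse", "read_chart"),
    ("u3", "nurse", "read_chart"),
    ("u4", "billing", "read_billing"), ("u5", "billing", "read_billing"),
    ("u6", "nurse", "export_chart"),  # a single user, a single access
]
# A proposed pair that is granted but never appears in the log.
EXTRA_PROPOSED = [("billing", "read_chart")]

def map_log(log):
    """Mapped log: one (role, access, user) record per log entry."""
    return [(role, access, user) for user, role, access in log]

def reduce_log(mapped):
    """Reduced log: per role-access pair, the access count of each user
    and the average access per user (claim 1's role-access pair statistics)."""
    counts = defaultdict(lambda: defaultdict(int))
    for role, access, user in mapped:
        counts[(role, access)][user] += 1
    return {pair: {"users": dict(per_user),
                   "avg_access": sum(per_user.values()) / len(per_user)}
            for pair, per_user in counts.items()}

def assign_risk_subsets(reduced, proposed, min_users=2, min_avg=1.5):
    """Assumed rules (the patent fixes none): unutilized = no accesses;
    underrepresented = fewer than min_users distinct users;
    underutilized = average access below min_avg; utilized = the rest."""
    subsets = {k: [] for k in ("unutilized", "underrepresented",
                               "underutilized", "utilized")}
    for pair in proposed:
        stats = reduced.get(pair)
        if stats is None:
            subsets["unutilized"].append(pair)
        elif len(stats["users"]) < min_users:
            subsets["underrepresented"].append(pair)
        elif stats["avg_access"] < min_avg:
            subsets["underutilized"].append(pair)
        else:
            subsets["utilized"].append(pair)
    return subsets

def compliance_level(subsets):
    """Assumed metric: share of proposed pairs that fall in 'utilized'."""
    total = sum(len(v) for v in subsets.values())
    return len(subsets["utilized"]) / total if total else 0.0

reduced = reduce_log(map_log(ACCESS_LOG))
proposed = list(reduced) + EXTRA_PROPOSED   # derived policy + granted pair
subsets = assign_risk_subsets(reduced, proposed)
```

On this input the granted-but-unused billing/read_chart pair lands in the unutilized subset and the single-user export lands in underrepresented, which is exactly the kind of pair a reviewer would revoke or investigate before the proxied policy goes live.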
22 Claims
1. A non-transitory computer-readable medium for storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive an access log for a medical records database, the access log including information identifying occasions in which users access medical records in the medical records database;
map the access log for the medical records database to generate a mapped log, the mapped log comprising information identifying roles associated with the users, information identifying accesses of the medical records by the users, and user identifications, the mapped log including a plurality of mapped role-access pairs;
reduce the mapped log to generate a reduced log, the reduced log comprising role-access pair statistics associated with a mapped role-access pair of the plurality of mapped role-access pairs, the role-access pair statistics including an average access for a user associated with the mapped role-access pair, an identification of the user associated with the mapped role-access pair, and an access count associated with the user;
derive an updated access policy for the medical records database based on the reduced log, the updated access policy including a plurality of proposed role-access pairs;
proxy access, of client devices, to the medical records database according to the updated access policy;
assign the plurality of proposed role-access pairs to risk subsets, the risk subsets comprising: underrepresented role-access pairs of the plurality of proposed role-access pairs, underutilized role-access pairs of the plurality of proposed role-access pairs, utilized role-access pairs of the plurality of proposed role-access pairs, and unutilized role-access pairs of the plurality of proposed role-access pairs;
determine, based on sizes associated with the risk subsets, a level of compliance with a privacy requirement based on assigning the plurality of proposed role-access pairs to the risk subsets; and
provide the level of compliance.
Dependent claims: 2, 3, 4, 5, 6.
7. A method, comprising:
receiving, by a computing device, an access log for a medical records database, the access log including information identifying occasions in which users access medical records in the medical records database;
mapping, by the computing device, the access log for the medical records database to generate a mapped log, the mapped log comprising information identifying roles associated with the users, information identifying accesses of the medical records by the users, and user identifications, the mapped log including a plurality of mapped role-access pairs;
reducing, by the computing device, the mapped log to generate a reduced log, the reduced log comprising role-access pair statistics associated with a mapped role-access pair of the plurality of mapped role-access pairs, the role-access pair statistics including an average access for a user associated with the mapped role-access pair, an identification of the user associated with the mapped role-access pair, and an access count associated with the user;
deriving, by the computing device, an updated access policy for the medical records database based on the reduced log, the updated access policy including a plurality of proposed role-access pairs;
proxying, by the computing device, access of client devices to the medical records database according to the updated access policy;
assigning, by the computing device, the plurality of proposed role-access pairs to risk subsets, the risk subsets comprising: underrepresented role-access pairs of the plurality of proposed role-access pairs, underutilized role-access pairs of the plurality of proposed role-access pairs, utilized role-access pairs of the plurality of proposed role-access pairs, and unutilized role-access pairs of the plurality of proposed role-access pairs;
determining, by the computing device and based on sizes associated with the risk subsets, a level of compliance with a privacy requirement based on assigning the plurality of proposed role-access pairs to the risk subsets; and
providing, by the computing device, the level of compliance.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15.
16. A device, comprising:
a memory to store instructions; and
one or more processors, coupled to the memory, to:
receive an access log for a medical records database, the access log including information identifying occasions in which users access medical records in the medical records database;
map the access log for the medical records database to generate a mapped log, the mapped log comprising information identifying roles associated with the users, information identifying access of the medical records by the users, and user identifications, the mapped log including a plurality of mapped role-access pairs;
reduce the mapped log to generate a reduced log, the reduced log comprising role-access pair statistics associated with a mapped role-access pair of the plurality of mapped role-access pairs, the role-access pair statistics including an average access for a user associated with the mapped role-access pair, an identification of the user associated with the mapped role-access pair, and an access count associated with the user;
derive an updated access policy for the medical records database based on the reduced log, the updated access policy including a plurality of proposed role-access pairs;
proxy access, of client devices, to the medical records database according to the updated access policy;
assign the plurality of proposed role-access pairs to risk subsets, the risk subsets comprising: underrepresented role-access pairs of the plurality of proposed role-access pairs, underutilized role-access pairs of the plurality of proposed role-access pairs, utilized role-access pairs of the plurality of proposed role-access pairs, and unutilized role-access pairs of the plurality of proposed role-access pairs;
determine, based on sizes associated with the risk subsets, a level of compliance with a privacy requirement based on assigning the plurality of proposed role-access pairs to the risk subsets; and
provide the level of compliance.
Dependent claims: 17, 18, 19, 20, 21, 22.