PRIVACY INFORMATION AND EVENT MANAGEMENT (PIEM)
WHAT DATA GOES INTO PIEMS AND HOW DO THEY WORK?
PIEMs work primarily on structured logs that are correlated with structured contextual information – understanding the semantics, relationships and types of data are essential for privacy auditing.
WHAT IS SPECIAL ABOUT HEALTHCARE TO REQUIRE THE NEED FOR A PIEM?
EMR access audits require clinical context to investigate a potential issue. This clinical context data is not captured in the audit log, rather it is found in the EMR’s encounter data (patient records).
WHY IS USER BEHAVIOR ANALYTICS NOT THE MOST EFFECTIVE APPROACH IN PRIVACY MONITORING?
When a user accesses a record, he or she controls the specific order of accesses, the fields clicked, and access timing. Because the user has knowledge of the EMR system and its normal workflows, users can circumvent detection by clicking more often or more deliberately. PIEMs rely on the context surrounding an access, not just the access itself. PIEMs base their analyses on context that users cannot easily manipulate without detection such as appointment information, diagnosis codes or human resource information.
DO HEALTH ORGANIZATIONS NEED BOTH A SIEM & A PIEM?
Yes, SIEMs defend against some types of attacks, but are not designed for the specific challenges of protecting patient data. PIEMs allow for additional monitoring at the application layer, cross-referencing clinical context, and allowing non-technical privacy professionals to investigate accesses to protected health information.