Ideally a healthcare organization will take a two pronged approach to cybersecurity – reactive and proactive.

A reactive approach involves linear reporting and action. An example of reactive reporting would be asking the question, “Did Mary access a patient’s record last week inappropriately?” You would run a report to see if that was the case and if so, take appropriate action with Mary such as re-education of the rules surrounding appropriate access. The reactive approach is currently the norm.

A proactive approach learns from patterns and understands what is normal access to different types of patients and populations for each user. With a proactive approach, access profiles can be built to alert you when someone access data beyond their normal scope. For example, if Mary is an OBGYN provider who typically works from 8am – 2pm on weekdays, she shouldn’t be accessing the patient records of a male patient at 7pm. Often, the system can send the user a message when they access a patient record inappropriately and direct them to refer back to established policies and procedures. These automated messages tend to help curb in appropriate access.