Analysis of PACS audit logs proves fruitful

Erik L. Ridley
Oct 30, 2003

Maintaining HIPAA-compliant security and privacy practices in a PACS environment isn’t easy, with myriad healthcare personnel requiring access to images and reports. But a new solution -- analyzing audit logs with a multidimensional online analytical processing (OLAP) tool -- has proved highly efficient in identifying security problems and analyzing departmental benchmarks, according to Bob Coleman, director of radiology informatics at Maine Medical Center in Portland, ME.

"Multidimensional analysis is a great tool (for analyzing audit logs)," he said. "It's (also) easily expanded beyond audit logs: you can use it for completely analyzing your departmental workflow."

Coleman discussed the facility's experience with audit log analysis in a presentation at the 2003 Symposium for Computer Applications in Radiology.

At MMC, all users are trained and required to sign an agreement indicating they understand and will follow all security and confidentiality policies, he said. For staff not employed by MMC, an office agreement was developed to ensure support for the security policy.

These policies are backed up with strong review and enforcement, the key to which is strong auditing of the institution’s logs. MMC has approximately 1,600 users on its Web-based image distribution system, with audit records growing by 25,000 to 30,000 per week.

"That’s a lot of data," he said. "It’s impossible to just sit there and go through it."

Those logs are purged after 30 days by the hospital’s PACS vendor for performance reasons, and the audit report tool provided by the PACS vendor was limited. So MMC needed to come up with an alternative solution, Coleman said.

First, MMC elected to extract audit logs from its Web server and PACS network on a weekly basis. In addition, other associated data was captured, and MMC essentially created a departmental data warehouse, Coleman said. User information from the credentialing system, study information from the RIS, and image information from the PACS is included.

The OLAP software (PowerPlay, Cognos, Ottawa, ON) is then deployed to analyze the logs. The multidimensional analysis preprocesses the data, which is then loaded into a different structure that provides analysis and data mining, Coleman said.

Easy filtering of data can be performed based on one or more criteria, and the software provides excellent graphical tools to assist in analysis, he said.

"There’s a lot of ability to drill up or drill down," Coleman said. "You can start at a high level, (it will) show you everything that’s going on with the system. And then (when you) start to drill down, (it will) show me what’s happening in CT, show me what’s happening for my residents."

Via the OLAP software, suspicious Web users can be identified, and the activity of non-clinical users could be tracked, Coleman said. User names and patient names could be matched, Coleman said. The institution could also review activities related to any VIPs.

"As soon as we started sending out e-mails that said, ‘We’ve noted that you’re looking at a particular patient’s record, can you please explain that?’… it became a very effective deterrent," Coleman said. "Once word got out that we were actually using the audit logs, it made a huge difference."

Interestingly, the system was also helpful in evaluating departmental benchmarks, such as report turnaround times, Coleman said. The system produces information better than classical reports, and idiosyncrasies in the data are quickly identified.

It’s also possible to examine particular components of the turnaround time, filtering by dimensions such as exam type, body part, day of week, and physician, Coleman said.

By Erik L. Ridley
AuntMinnie.com staff writer
October 31, 2003

Related Reading

Keeping your eye on the PACS ball, September 30, 2003

High-volume teleradiology brings substantial benefits, September 19, 2003

Swiss promote open-source radiology informatics tool, September 5, 2003

RIS/PACS integration, September 3, 2003

PACS training modules can smooth PACS education, operation, August 21, 2003

Copyright © 2003 AuntMinnie.com

Latest in PACS/VNA
Quality Check Mark
Proposed rule adds imaging requirements for EHR certification
August 2, 2024
Business Contract Signing
Synthesis Health wins new contracts
June 14, 2024
Business Deal Handshake
InsiteOne acquires Brit Systems
November 30, 2023
Cyber Informatics 400
What are the benefits of using an AI server downstream of PACS?
November 28, 2023
Related Stories
187x200 Am Logo
Companies
AuntMinnie.com
2003 09 03 12 06 57 706
PACS/VNA
HIPAA security and privacy compliance concerns
2003 09 15 11 26 01 706
PACS/VNA
High-volume teleradiology brings substantial benefits
2003 09 03 12 06 57 706
PACS/VNA
RIS/PACS Integration
More in PACS/VNA
Proposed rule adds imaging requirements for EHR certification
By Liz Carey
The U.S. Department of Health and Human Services hopes program requirements will encourage adoption of electronic transactions and reduce physical media exchange.
August 2, 2024
Quality Check Mark
Synthesis Health wins new contracts
By AuntMinnie.com staff writers
Image management software developer Synthesis Health said it has signed contracts with three multisite imaging centers.
June 14, 2024
Business Contract Signing
InsiteOne acquires Brit Systems
By AuntMinnie.com staff writers
Cloud-based clinical image management company InsiteOne will acquire BRIT Systems.
November 30, 2023
Business Deal Handshake
What are the benefits of using an AI server downstream of PACS?
By Liz Carey
Funneling image studies through a private AI server creates opportunities for big data research and speeds AI analysis time to reporting.
November 28, 2023
Cyber Informatics 400
Enterprise imaging: What is the market opportunity beyond radiology?
By Amy Thompson
Amy Thompson of Signify Research assesses the future prospects for the enterprise imaging market.
October 18, 2023
Amy Thompson of Signify Research.
How to hack a gaming mouse for PACS: Group offers guide for rads
By Will Morton
High-performance gaming mice offer radiologists multiple custom buttons and superior tracking features that can streamline radiology tasks.
October 6, 2023
Gamingmouse
Sectra posts growth in net sales, revenue in Q1
By AuntMinnie.com staff writers
Enterprise imaging firm Sectra reported strong net sales and revenue growth in the first quarter of 2023, citing deployment of it cloud services for diagnostic imaging.
September 4, 2023
2020 02 20 17 57 8385 Sectra Rsna 2019 400
Rad AI to launch its Omni Reporting software
By AuntMinnie.com staff writers
Rad AI plans to formally launch its Omni Reporting software on September 27.
August 21, 2023
2018 08 01 23 13 1733 Artificial Intelligence Ai 400
Qure.ai and xWave establish strategic partnership
By AuntMinnie.com staff writers
Radiology AI software developer Qure.ai and xWave Technologies have established a strategic partnership focused on improving radiology workflows.
August 15, 2023
2022 06 28 17 16 2885 Hands Shaking3 20230509203239
Sectra inks $227M deal with U.S.-based health system
By AuntMinnie.com staff writers
Enterprise imaging firm Sectra said it has inked a deal valued at $227 million to provide its Sectra One Cloud subscription service for diagnostic imaging to a large U.S.-based health system.
August 15, 2023
2020 02 20 17 57 8385 Sectra Rsna 2019 400
US Radiology Specialists begins recruiting for Connexia
By AuntMinnie.com staff writers
US Radiology Specialists is beginning recruitment for US Radiology Connexia, the company's new teleradiology organization.
August 14, 2023
2022 07 06 17 35 0405 Computer Doctor Patient Video 400
Segmed platform passed 100M studies
By AuntMinnie.com staff writers
Data management vendor Segmed said its Insight cloud-based platform has now surpassed 100 million imaging studies
August 13, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Page 1 of 775
Next Page