Enforced Policy Menus for FairWarning Managed Privacy Services, FairWarning Managed Privacy Services LITE, and FairWarning Drug Diversion Monitoring Services

Jump to:

  1. FairWarning Managed Privacy Services Enforced Policy Menu
  2. Managed Privacy Services LITE Enforced Policy Menu
  3. Drug Diversion Monitoring Services Enforced Policy Menu

FairWarning Managed Privacy Services Enforced Policy Menu

  1. DATA COMPROMISE

    Enforced PolicyDefinition
    Coworker SnoopingMonitoring for user access to medical records of patients who work in the same user department.
    Household SnoopingMonitoring for user access to medical records of patients who live at the same household address.
    Manager SnoopingMonitoring for user access to medical records of a patient who is their manager.
    Guarantor Information ModificationMonitoring for a user to modify the medical records of their own patient guarantor information.
    Break-the-Glass (BTG) Blank Override ReasonMonitoring for users who perform the Break-the-Glass event and fail to provide an override reason.
    Patient of Interest/ VIP/ Temporary VIPMonitoring for user access to an identified patient of interest or VIP/ temporary VIP.
    Expired Patient of InterestMonitoring for user access to an expired (deceased) patient of interest based on an average User ID threshold.
    Self-ModificationMonitoring for a user to modify their own medical records.
    Persons of InterestCaptures access to high profile patients, including actors, singers, athletes, and politicians, who are listed in a public database. Requires the implementation of the POI table.
    Anomalous Workflow DetectionDetects anomalies among a users daily workflow.
    Pediatric Departments accessing Adult Patients Monitoring for users who are accessing the medical records of adult patients (over 18 years old) and work in identified pediatric departments.
    Predominantly Female Departments accessing Male PatientsMonitoring for users who are accessing the medical records of male patients (over 1 year old) and work in identified predominantly female departments.

  2. DATA EXFILTRATION

    Enforced PolicyDefinition
    Deceased Demographic AccessMonitoring for user access to Demographic Events of an expired (deceased) patient.
    High Access of EmployeesMonitoring for users who access a higher number of Customer employees than their peers. Peer group defined as users with the same User Department and Title.
    High View/ Print DemographicsMonitoring for users who access or print a higher number of Demographic events than their peers. Peer group defined as users with the same User Department and Title.
    High Access of Demographics of Patients Under 12Monitoring for users who access or print a higher number of Demographic events for patients under 12 than their peers. Peer group defined as users with the same User Department and Title.
    High Access of Demographics of Patients Over 65MMonitoring for users who access or print a higher number of Demographic events for patients over 65 than their peers. Peer group defined as users with the same User Department and Title.
    Unusually High User Activity Monitoring for users who access a higher number of patient medical records than their peers. Peer group defined as users with the same User Department and Title.
    High View/ Print Insurance InformationMonitoring for users who access or print a higher number of Insurance events than their peers. Peer group defined as users with the same User Department and Title.
    High View/ Print Specific Information (configurable)Monitoring for users who access or print a higher number of configured events than their peers. Peer group defined as users with the same User Department and Title.

  3. CYBERSECURITY THREATS

    Enforced PolicyDefinition
    Access After Hours (Clinic or Department Specific)Monitoring for user access to patient medical records outside of approved business hours.
    Simultaneous Log-inMonitoring for user access performed on different work station IDs within five seconds of each other.
    Failed Log-In AttemptsMonitoring for a user who fails to log-in; can be configured for failure after X amount of times.

  4. OTHER INFORMATION SECURITY THREATS

    Enforced PolicyDefinition
    Monitoring on Leave EmployeesMonitoring for user access to patient medical records with a user status of on leave.
    Access After TerminationMonitoring for user access to patient medical records after termination.

Managed Privacy Services LITE Enforced Policy Menu

  1. DATA COMPROMISE

    Enforced PolicyDefinition
    Coworker SnoopingMonitoring for user access to medical records of patients who work in the same user department.
    Household SnoopingMonitoring for user access to medical records of patients who live at the same household address.
    Manager SnoopingMonitoring for user access to medical records of a patient who is their manager.
    Patient of InterestMonitoring for user access to an identified patient of interest or VIP/ temporary VIP.
    Self-ModificationMonitoring for a user to modify their own medical records.
    Anomalous Workflow DetectionDetects anomalies among a users daily workflow.

  2. DATA EXFILTRATION

    Enforced PolicyDefinition
    High Access of EmployeesMonitoring for users who access a higher number of Customer employees than their peers. Peer group defined as users with the same User Department and Title.
    High View/ Print DemographicsMonitoring for users who access or print a higher number of Demographic events than their peers. Peer group defined as users with the same User Department and Title.
    High Access of Demographics of Patients Under 12Monitoring for users who access or print a higher number of Demographic events for patients under 12 than their peers. Peer group defined as users with the same User Department and Title.
    High Access of Demographics of Patients Over 65MMonitoring for users who access or print a higher number of Demographic events for patients over 65 than their peers. Peer group defined as users with the same User Department and Title.
    High View/ Print Insurance InformationMonitoring for users who access or print a higher number of Insurance events than their peers. Peer group defined as users with the same User Department and Title.

  3. CYBERSECURITY THREATS

    Enforced PolicyDefinition
    Access After Hours (Clinic or Department Specific)Monitoring for user access to patient medical records outside of approved business hours.

  4. OTHER INFORMATION SECURITY THREATS

    Enforced PolicyDefinition
    Access After TerminationMonitoring for user access to patient medical records after termination.

Drug Diversion Monitoring Services Enforced Policy Menu

  1. ANOMALOUS BEHAVIOR DETECTION

    Enforced PolicyDefinition
    Unusual Access of Controlled SubstancesMonitoring for users who dispense a higher number of Controlled Substances than their peers. Peer group defined as users with the same User Department and Title.
    Unusual Waste DocumentationMonitoring for users who waste a higher number of Controlled Substances than their peers. Peer group defined as users with the same User Department and Title.
    Abnormal Discrepancy CreationMonitoring for users who create a higher number of Controlled Substance Discrepancies than their peers. Peer group defined as users with the same User Department and Title.
    Unusual Behavior by Waste WitnessMonitoring for users who act as a witness for waste of Controlled Substances significant more than their peers. Peer group defined as users with the same User Department and Title.
    Abnormal Override ActivityMonitoring for users who dispense a higher number of Controlled Substances on Override than their peers. Peer group defined as users with the same User Department and Title.
    Abnormal Cancel ActivityMonitoring for users who cancel a higher number of Controlled Substances transactions than their peers. Peer group defined as users with the same User Department and Title.
    Unusual Access of High-Risk MedicationsMonitoring for users who dispense a higher number of High-Risk Medications than their peers. Peer group defined as users with the same User Department and Title.
    Abnormal Access of Specific Patient InformationMonitoring for users who access or print a higher number of configured events than their peers. Peer group defined as users with the same User Department and Title.
    Excessive Patient AdditionsMonitoring for users who manually add patients to the ADS significantly more than their peers. Peer group defined as users with the same User Department and Title.

  2. TARGETED DIVERSION MONITORING

    Enforced PolicyDefinition
    Inventory DiscrepanciesMonitoring for Inventory Discrepancies of Controlled Substances accessed in the ADS.
    Excessive Waste QuantityMonitoring for users who waste the full quantity of the Controlled Substance that was dispensed.
    Deceased/Discharged Patient AccessMonitoring for users who dispense Controlled Substances for deceased or discharged patients.
    High-Risk Department MonitoringMonitoring for users who access medications within a High-Risk Department, as configured by the customer.
    High-Risk Patient Population MonitoringMonitoring for users who access medications for High-Risk Patients, as configured by the customer.

  3. COMPROMISED SECURITY MONITORING

    Enforced PolicyDefinition
    Access After TerminationMonitoring for user access to the ADS after the user has been terminated.
    Access by Inactive/On Leave EmployeesMonitoring for user access to the ADS while the user is identified as Inactive or On Leave.
    Simultaneous Station AccessMonitoring for user access performed on different ADS Device ID’s within 5 seconds of each other.