The HIPAA Security Rule requires healthcare organizations to “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” (Section 164.312). This rule poses a significant challenge for healthcare organizations, especially for those that rely on legacy systems. Unlike network devices and infrastructure systems, these systems typically have no application access logging mechanism. Developing such a mechanism involves tremendous effort, since thousands of the organization’s programs need to be changed. In some cases there are mechanisms in place that track changes in the corporate databases, yet this method is insufficient, since it tracks only “update” actions performed in the database and does not cover “read” or access actions.
Intellinx provides unparalleled visibility into the interaction of all organization employees with the internal business applications. Every screen viewed and every keystroke made by end users is recorded and analyzed in real time. As required by the HIPAA Security Rule, Intellinx creates a full audit trail of end-user access to protected health information, including queries that normally do not leave any traces; all this with no need to install anything on the host or clients and with no performance impact. Based on pre-defined rules, Intellinx translates the monitored data into meaningful business indicators, thus enabling you to identify user behavior patterns and detect fraud and malicious activity, zoom in on specific suspects and replay specific screen flows that contain suspicious acts.