Protecting Patient Data and Privacy
Initially, NewYork-Presbyterian turned to Splunk to fulfill a variety of security use cases, including preventing phishing attacks, bolstering account security and automating critical security workflows. “Fast-forward a couple of months, and we started building our security operations center [SOC],” says Jennings Aske, senior vice president and chief information security officer at NewYork-Presbyterian. “Now, we have a team of six individuals that spend all day looking at dashboards and visualizations that integrate all the data sources we need for security,” says Aske.
But that was just the beginning. “In the course of building our SOC, we realized we needed to think about business problems related to patient privacy. In particular, we wanted to have a platform to help us make sure people weren't snooping, looking at too many records or accessing the wrong records,” continues Aske. “So I said, ‘Let’s go talk to Splunk and suggest that we build a privacy platform for us and other Splunk customers that would integrate with clinical systems like EPIC.’”
Together, NewYork-Presbyterian and Splunk made this vision a reality, creating a platform that allows for immediate investigation by alerting privacy officers if patient records are inappropriately accessed. Yet the hospital soon realized that the platform’s potential extended far beyond what they initially envisioned.