Why monitor patient privacy and insider threat?

You've spent millions on security, protecting your hospital against outside intruders that could steal valuable patient data, or block your employees' access to the core systems they need to do their job. 

But there is a major vulnerability you haven’t addressed: your own employees and collaborators acting from the inside.

Breaches due to inappropriate EHR access (“snooping”) are a major threat within healthcare, resulting in loss of reputation, state and federal fines, audits, civil suits, media headaches, and ultimately loss of patient trust.

In fact, healthcare security professionals rate breaches linked to insiders' activity as the single greatest security threat.


Because it benefits your hospital and your patients.

Your hospital saves money and reputation

As required by the Office of Civil Rights, active patient privacy monitoring protects your hospital’s reputation, and helps avoid regulatory scrutiny and expensive fines. The cost of a single privacy breach can reach millions of dollars, and the annual impact of privacy breaches in the US is upwards of $6 billion.

Your patients’ lives are protected

Patient medical records are 50 times more valuable to hackers than credit card data. Ensuring that the right medical personnel are accessing the right patient data is critical to keeping the promise of patient privacy.



Why Haystack?

“Privacy first” to meet the unique needs of privacy professionals

By intelligently analyzing the interactions between hospital staff and patients, Haystack provides the privacy professional with a clear understanding of hospital workflows and user behavior, allowing them to easily identify outliers including patient privacy violations and other security risks.


A detective at a crime scene uses multiple tools to get a grasp on what might have occurred: sometimes a magnifying glass, other times black light, etc. Similar to a detective’s instruments, Haystack provides multiple visualization lenses to help the privacy professional analyze the data from multiple perspectives, allowing him or her to quickly understand the context and identify outliers.

Multiple detection engines

Instead of fixed rules, Haystack uses a combination of dynamic and static anomaly detection engines to scour the data and identify improper user behavior. These can range from simple last name matching, to complex machine learning and graph theory algorithms. Most importantly, we help privacy professionals prioritize their work by aggregating and customizing these engines to their typical workflow.

Import data from any source

Haystack works with today’s leading electronic health records systems (e.g. Epic, Allscripts, Cerner), and allows hospitals to combine data from multiple sources (e.g. Lawson for HR). The data model is generic, accepting both raw audit logs and the metadata around employee and patient transactions. Integration is quick and painless.

Integrated Investigation Workflow

Haystack features a rich investigative workflow, which incorporates the hospital’s specific risk analysis methodology. It lets you manage not only privacy investigations, but also cases of lost laptops, theft, improper disposals, and other breaches. The system is designed for paperless use - no more scribbling on insecure notepads. It has powerful reporting and tracking capabilities to help you with the information needs of your Compliance department or the Office of Civil Rights.

In the cloud or in your datacenter

Haystack has been designed from the ground up with advanced technology that allows it to be deployed securely either in the cloud or inside your own premises. Our experience has indicated that cloud deployments are the better option, as they do not require additional resources on your side, and allow us to provide maximum responsiveness and user satisfaction.

Save time and sleep better at night

Multiple detection engines. Multiple visualization lenses. Integrated workflow. Designed for humans. Everything we do has one singular purpose: to make you a superstar and empower you to do your job easier, faster, better. Others can show you the data, but only we show you its meaning and deepest secrets. So you can go home secure in your knowledge that you have privacy under control.  


Customers love us.

Before Haystack, the audit I could run via IT was cumbersome and required lots of investigation. Now, I have instant identification of suspected anomalous activity.
— Michele Koss, Clinical Risk Manager @ Connecticut Children's Medical Center

It tells me so much more than a spreadsheet. I do not have to access Epic as much as with our previous solution. It is intuitive to use. I love the watch list and ease of adding and removing users/patients. Love having the encounter information.
— Pam Martin, Privacy Specialist @ Leading Hospital in Pennsylvania

Do you know what your employees are doing?