Every organisation possesses (special) personal data. These are often stored in a digital file such as an ECD, EPD, CRM or, for example, an HRM system. These records consist of particularly sensitive information of employees, patients, customers, members, students or clients. The processing of this personal data comes with a legal and social responsibility. As an organisation, it is necessary to have a grip on the use of (unlawful) this data. After all, the GDPR requires proper protection of such personal data. In addition to a legal obligation, organisations are also under a social obligation to ensure data protection.
Our Dossier Monitoring solution helps your organisation meet these obligations. We support (healthcare) institutions with monitoring of client and patient records. Among other things, we monitor for unauthorized inspection of records or improper use of records. With our Dossier Monitoring service you gain and maintain visibility and thus comply with laws and regulations.
Spearheads Dossier Monitoring
Our Dossier Monitoring service consists of a number of spearheads to provide optimal support to our customers. Every organisation is different and has its own way of working, culture, policies and processes. That’s why we make sure that our product is optimally matched to your organisation’s needs and desires. With our services, we work with your organisation to address the following issues:
- Learning and understanding behavior within your organisation and being able to anticipate it;
- Increaseawareness by holding users/employees accountable for behavior;
- Gain control and provide contact using the right tools, so that the organisation direction gets and is compliant;
- Take appropriate and necessary data-driven measures;
- Inform every stakeholder of relevance and accuracy within the right context;
- Understanding current events and looking ahead based on historical data.
Together with our consultants and data specialists, we work on mapping the organisation through a scan. This scan forms the basis of our customized services. Our data specialists will work with employees from privacy, compliance and ICT to create detection rules that fit the organisation. In it, we collectively iterate on refining these detection rules. As an example, it is possible to use a detection rule to see if there is a relationship present between the person viewing a dossier and the dossier holder itself. And to test whether this inspection is lawful, whether there is a treatment relationship or not, or whether there is a family relationship.
Dossier Insights, where innovation meets monitoring
We offer the software we use to support, guide and advise your organisation as part of our Dossier Monitoring service as a product under the name Dossier Insights. We do this in the form of a SaaS (Software as a Service). Dossier Insights is an innovative product that forms the basis for monitoring patient records in healthcare. Our software developers, data analysts and consultants work closely with our customers to develop this product. This development comes about through the continuous release of function and detection rules and the application of machine learning to data. New developments are always shared with new and existing customers.
Continuous and intelligent monitoring of your dossiers
Dossier Insights provides continuous and intelligent monitoring of dossiers. Using our unique self-developed business rules engine, dossier access is monitored. Based on detection rules, data anomalies are automatically detected. An example of a deviation is the unlawful use of an emergency search procedure. You can then investigate the report and take follow-up actions such as taking action against the deviant behavior.
Driven by data
Data lies at the heart of Dossier Insights using relationships to data and log sources within an organisation. The links provide access to relevant data that contribute to the operation of Dossier Insights. What makes Dossier Insights powerful is the fact that only necessary data is correlated with different sources. Of course, this does not involve the use of special personal data.
Our various dashboards provide overviews of the data to provide each user with the right information. There is also a dashboard that helps you conduct sampling and other surveys more efficiently. By building a timeline you can see at a glance what has happened around a dossier. Dossier Insights enables the customer to monitor all sources and systems regarding personal data with one tool. In addition, there is a possibility to combine our Dossier Monitoring with Security Monitoring to get a grip on the entire information security.
NFIR uses only the data that is minimally required to perform the desired analyses, such as entries, mutations, and contact moments. This data is securely unlocked to our Elasticsearch environment where the data is analyzed. This environment meets the highest security standards and has the necessary certifications.
Who is our Dossier Insights solution interesting for?
In addition to our current clients in healthcare and government, our service is of interest to organisations that want visibility into the unauthorized use of records. With our services we support the complete care chain, both care and cure. Other industries that deal with (special) personal data can also benefit. Does your organisation use an EHR, EKD, ECD, PBM, or other type of file solution? We can help you get a better handle on your data. Would you like a demonstration of Dossier Insights and a no-obligation discussion with a business consultant? Then leave your information and we will contact you.
Dossier Insights helps companies gain insight into
unlawful use of personal data.
Dossier Insights provides continuous and intelligent monitoring on file submissions through a business rules engine. Act appropriately in response to detected discrepancies and/or improper use of the emergency procedure.
What is the difference between Dossier Monitoring and Dossier Insights?
Dossier Monitoring is our entire service that consists of supporting organisations to get and keep a grip on monitoring for irregularities. The software we use for this is Dossier Insights.
What are (privacy) detection rules?
Detection rules are purposeful queries to data sources to identify any anomalies. There are different types of detection rules where, for example, actions in a specific dossier are looked back over a certain time frame. Another example are detection rules that monitor volume increase or detection rules that look at (treatment) relationships, authorizations, leave or actuality in relation to events.
Are there standard detection rules or are they developed on a customer-by-customer basis?
In addition to a set of generic detection rules that can be used by any organisation, we also have variations that are industry specific such as for healthcare. We also develop new detection rules for customers. These complement the existing detection rules and are also deployed with other customers. In this way, they also benefit from this development.
Can I create a detection rule myself?
Creating detection rules yourself is not (yet) possible. However, designing detection rules is always possible. Therefore, this is also part of our service. In fact, we have developed a methodology that supports the customer in designing detection rules.
What does the organisational scan entail?
Because no two organisations are the same, NFIR has developed an approach to understanding an organisation’s processes, policies and culture. The scan indicates where the needed attention and bottlenecks are. Realistic goals are formulated based on this.
Where is Dossier Insights data stored?
Logging and data are stored in Elastic Search with the required retention. For this, Intermax is our partner who have a Cloud hosting service in healthcare.
Why are there monthly hours to spend on support?
Part of our service is the monthly monitoring of false positives. Based on the results, the detection rules are optimized. In addition, work sessions are organised to increase information security awareness within your organisation. These sessions draw on the insights gained from the data analyses that show trends, behaviors and compliance anomalies.
What are special personal data?
The General Data Protection Regulation (AVG) states that a personal data is any information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to them. Data about organisations is not personal data under the AVG.
Personal data that is particularly sensitive by nature is given additional protection in the General Data Protection Regulation (AVG). This data includes genetic data and biometric data if it is traceable to a person. We call this data special personal data (AVG: special categories of personal data).
The AVG considers these personal data to be special personal data:
Personal data revealing racial or ethnic origin;
Personal data revealing political views;
Personal data demonstrating religious or philosophical beliefs;
Personal data showing membership in a trade union;
data about a person’s health;
data about a person’s sexual behavior or orientation;
biometric data for the purpose of uniquely identifying an individual.
What is the duration of an implementation for setting up Dossier Monitoring?
The average time commitment for an implementation is about two months for the realization and having Dossier Insights in production. The following months are spent on further optimizing the detection rules.
What (data) sources can I monitor?
In theory, all digital data carriers with logging or data can be read out. It doesn’t matter if it’s a relational database, object-oriented database, or a comma-separated file. Through automated normalization and correlation, it is possible to combine the different sources for the detection rule(s) developed for this purpose.
Can I get a live demo?
Yes, we have a demo environment for this that we can show and present how it works. Feel free to ask us for a demo that suits your organization.
What is a sample?
A sample is a homogeneous collection of units (persons, objects, or situations) that share one or more characteristics that are the focus of the study. This can be, for example, a group of organisations, people objects, often selected for certain characteristics. It is often impossible to examine all units of a population (e.g., all emergency room visitors). Therefore, we take a sample from it. The sample should be a representative selection of the population, meaning that the sample has the same characteristics as the group you want to make statements about.
How will I be involved as a customer and be able to think along in the development or exchange experiences with other customers?
We are happy to think with our Dossier Monitoring customers about issues specific to your organisation. Then we find the solution to this in our product. Should we not find that solution, we will include the issue in the development of our product. We always involve our customers in the development of our products and like to bring our customers into contact with each other to solve industry-specific issues.