Analysis of record access with a SIEM
My main goal is to be able to create reports and alerts in my SIEM based on what individual searched for and accessed what patient records, and when.
Does anybody have any experience with this? I've been ingesting audit logs in to Splunk but I'm having a hard time getting useful data.
In the registry menu, select reports - run management reports. There are a number of reports that can answer this question, such as the clinical data access report.