Healthcare insurers are paying tens of millions of dollars every month for fraudulent medical claims and services that were never delivered. The transition from paper based claims processing to electronic medical records is introducing new sources of security and privacy threats. At the same time, payers are also facing more regulatory oversight including HIPAA/HITECH, SOX, and State Privacy Laws. Effectively addressing these problems requires monitoring of all user, application, and system activity on payer networks
ArcSight is used by leading healthcare payers to:
- Combat medical claims fraud
- Ensure data privacy and stop data breaches.
- Cost effectively demonstrate compliance with HIPAA, State Privacy Laws, and Sarbanes Oxley
- Ensure the availability of claims processing infrastructure
The ArcSight protection suite for healthcare payers is designed to address the monitoring challenges unique to healthcare payer environments.
- Consolidated ePHI Portals – Proactive healthcare is driving payers to aggregate patient medical records across providers and enable web access to doctors, hospitals and researchers. ArcSight provides role based monitoring of all access to and activity within these portals to detect unauthorized ePHI access and potential data breaches.
- Self-service Portals – Payers are launching self-service patient portals to reduce operational cost of claims submission. ArcSight monitors user activity on these portals and factors in inputs such as user’s access location and the user behavior to detect unauthorized access or fraudulent claims.
- Legacy Infrastructure – Legacy claims processing infrastructure lacks in-built access controls and relies on shared accounts, making it difficult to track activity back to a specific employee. ArcSight uniquely addresses this problem by linking each shared account session back to a particular user and can then monitor that user to ensure they stay within their assigned role.
- Claims Processing Infrastructure Availability – Any payer’s business is dependent on the availability of its claims processing infrastructure. ArcSight can monitor claims processing applications and their supporting infrastructure (routers, switches, firewalls etc) to detect potential cyber-threats and malware.
- Cross-regulatory Compliance – ArcSight offers pre-packaged content to streamline and automate HIPAA and Sarbanes Oxley audits. ArcSight also offers best practices monitoring content based on ISO 27002 to support other regulations such as state privacy laws that impact healthcare payers.
