1. Prescription statistics threat that medical corruption prevention encounters
Commercial bribery in medicine purchase and sale field brings large negative impact on clinical doctors. Illegal prescription statistics is the main basis for medical representatives to conduct quantitative bribery. While prescription statistics data comes from core database of hospital information system.
Management level:personnel responsibilities and process need to be improved. In case of security events, true operators can not be traced or localized.
Technical level:as internal operations inside the database are unclear, any external security tools (such as firewall, IDS and IPS) can not be used to prevent internal users from malicious operations or abusing resources and leaking hospital confidential information.
Audit level:along with database information value and accessibility rise, database are facing increasingly growing security risks inside and outside. For example, illegal or unauthorized operations or malicious intrusion will lead to confidential information or prescription statistics information thieved or leaked, which can not be traced and audited effectively in later period.
2. Strict requirements and great attention of the country
1) Requirements of the Ministry of Health or provincial health department
Hospital information system has made great progress in recent years and becomes an important part of hospital operation nowadays. For example, the State Administration of Traditional Chinese Medicine has published Nine Bans on Strengthening Medical and Health Professional Style Construction and its sixth article is prescription statistics is not allowed for commercial purpose.
2) Information security grade protection requirement
Administrative Measures for Information Security Grade Protection requires organizations provide security protection for information system according to the grade, computer information system creates and maintains access audit track record of protected objects.
3. traditional protection means getting into trouble
Medical industry has not good measures to prevent prescription statistics at present, but often uses audit measures of database itself to analyze the security of prescription statistics information. As the audit functions have larger influence on database performance, audit logs generated from self audit of database are accompanied with tedious analysis and higher human input and easily tampered or leaked. Furthermore, audit authority is integrated with operating authority together and it is hard to ensure the justice of audit.
On the premise that HIS system, PACS system and EMR system that are applied normally in application system, protection system for statistics on the amount of medication information, through security demand analysis from service, technology and management layers of hospital, adds prescription statistics prevention audit equipment in core service service area to deal with and analyze mass and out-of-order data in the network. In case of prescription statistics prevention incidents, the system will precisely describe the person, time, site and ways of rule breaking events and provide playback of operation process for analysis.
The above solutions can effectively meet the requirement of medical industry on data security management, prevent illegal prescription statistics prevention, audit record operation behaviors and output complete report. Ankki database audit solutions bring the following values to users of medical industry:
1) Monitor prescription statistics behaviors of hospital, prevent hospital patients, staffs and transaction record, hospital business, financial, scientific and office data from leaking out, protect core interests of hospital.
2) Meet compliance audit requirement of national grade protection and hospital grading in information construction.
3) Monitoring unauthorized and illegal operations in real time and trace the source.
4) Realize the spanning of prescription statistics prevention means from system restriction to technical limitation, keep working staffs away from forbidden area technically, benefit for hospital style construction and establish good public image.
5) Monitor unusual changes of patient privacy information and stored-value information of health insurance card and citizen card, prevent malicious charge and evasion of payment, have multiple effects of data leakage prevention and achieve the aim of one time investment and repeated utilization.
1. Bypass deployment
Bypass deployment way will not affect original network and any fault of network audit products does not affect normal operation of system to be audited. Any software agents or plug-ins are not necessary to be installed in database server.
2. Support distributed deployment
Monitoring center and prescription statistics prevention equipment are deployed in the ministry and bureau of health and affiliated hospitals respectively. Prescription statistics prevention equipment of all the hospitals governed by health bureau will be under unified management through integrated monitoring center and relevant strategies can be made to issue to hospitals. Prescription statistics log of all the hospitals can also be collected.
3. Support multiple types of database
Support Oracle 8/9/10/11, DB2, INFORMIX, SYBASE, Microsoft SQL Server 97/2000/2005/2008, MYSQL and POSTGRESQL at the same time.
Caché, the first domestic manufacturer fully supporting Caché database audit, is now becoming a new favorite of high-performance database application scene.
Support audit of many systems or different types of database simultaneously.
4. Support audit on application systems of many HIS manufacturers
Include East China Engineering Science and Technology Co., Ltd., Kingstar Winnings, Founder group, Hangzhou B-soft, Zhongtian Technology, Tagen Group, Kingdee, Dragon Soft, China Soft, Neusoft, Zhengzhou New Xihua, Nanjing Delano Soft, Xiamen Zoe Soft, Xinxing Technology and Weizheng Technology. Support different types of database and HIS system and serve for expansibility; especially for Neusoft HIS system (cache database), it can meet the demand of hospital for future upgrading and the hospital does with no need to repeat purchasing equipment and cost is saved furthest.
5. Unique report functions
Ankki protection system for statistics on the amount of medication information has many kinds of built-in audit reports such as grade protection report, and supports self-defined report at the same time. Clients can customize them as required.
6. Accurate event localization
Ankki protection system for statistics on the amount of medication information can realize a series of correlation analysis on IP, MAC, user name of operating system, tools and account of application system, so as to track specific person.