We use LEM for many reasons, but one important one is to monitor if any folders are moved/deleted on a secure network drive. This drive holds all our patient information which is regulated by HIPAA. I wanted to set up an alert that notified a group any time one of the folders on that drive was moved or deleted with who did it, and what folder was affected. It was simple enough, however I had to take out the folder name because the folders are named after the patients. So all of John Q. Public's medical records are stored like this "HIPAA\\General Hospital\2015\A-P\Public, John Q\". One of the HIPAA regulations is that we can't transmit a patients name unsecured. Unfortunately by putting the name of the folder that was moved in the alert is a HIPAA violation. Without that all we're alerted to is the time/date a folder was moved and the name of the person who moved it. We don't know what folder was actually moved until we look into LEM. If I'm not around to look into LEM, then the manager has to wait until I'm available to find out what folder was moved and where it was moved to. First I was hoping there was a way to only show the root folder (ie. \\General Hospital) but there wasn't anyway to limit the characters or hide part of the file name in the alert. So my next hope is that there is a way to use a logic if-then statement. For example, if FileAudit.FileName = *General Hospital*, report "General Hospital". That way if the folder is "HIPAA\\General Hospital\2015\A-P\Public, John Q\" using the * wildcard search it will see "General Hospital" and report whatever name I choose. Which in this case would just be "General Hospital". It's the only other way I can come up with reporting the folder without reporting the entire path. It would be a pain because I'd have to go through and create an if-then for EVERY hospital we have accounts with, but at least it would report which folder was touched so the managers can at least look for the moved folder if I'm sick, on vacation, or not available. Unless you VERY SMART & CREATIVE GENIUSES THAT I ENVY can think of another out of the box solution? I'm not even sure there's a way to use the logic statements in LEM I'm just hoping there's a way.
I'm still a LEM newbie myself but I like your thinking. I just want to clarify - your concern about securing the patient name is in regards to an email alert, right? Because the email would contain the patient name? Is your email server internal?
If my assumption is correct, I'm wondering if you have an email encryption system set up with your email system, and if it allows for automatic email encryption by keyword or text filter?
For example I know of one HIPAA facility whose email system automatically encrypted anything that had the word "encrypt" in the subject line. If you could do something like that then modify the LEM alert to have a similar keyword and encrypt the alert. That would allow you to have the patient name in the email and still meet HIPAA requirement.
Of course, if you are using an external email service and/or you don't have an email encryption suite with that capability this doesn't help you at all. Just trying to think out of the box...
I do HIPAA work so I'm pretty interesting in this thread.
The server is internal, and we have setup e-mail encryption. If we put the keyword in the subject line it’s forwarded through the encryption appliance. However, it’s only setup to work internal to external. That way when an employee is e-mailing a Dr. or medical professional they can encrypt the e-mail that has HIPAA information. I don’t know the reason, but they didn’t turn it on internally. So if I type and send an e-mail to a colleague it doesn’t get encrypted. We user Microsoft Lync for internal communication which is HIPAA compliant, so I think it was just a matter of “Why turn it on internally when we already have a system in place?” I tried to convince them to turn it on for me to use the Alerts, but they didn’t see the need for just 1 alert… I’m trying to see if I can configure LEM with Lync to send the alerts since HIPAA information is OK on the Lync server. I know it can’ be done via the Solarwinds Network Performance Monitor (NPM), I’m just working on getting it to work.. I’m open to ideas if you have any. My original hope was to use If-Then to assign names to folders that were picked up by a LEM filter. That way if the filter picked up the folder
HIPAA\General> Hospital\S-Z\2015\Smith, John\ I could have the if-then filter it. If keyword “General Hospital” then alert “General Hospital”. That way it left the HIPAA info “Smith, John” out of the alert. Having to go through a hospital folder to find a moved folder is one thing, not knowing what hospital folder makes the job 1000% harder. Most people wouldn’t care. I have LEM and can immediately see which folder was moved and to where. This is more for the non-IT personnel that don’t have access to LEM when I’m not around, in a meeting, on vacation, sick, etc… If a folder is moved and I’m not around and they need that patients information it would cause chaos. Just trying to think ahead to avoid problems we haven’t had yet.
Well that makes sense. I can't really think of another way to do it than the direction you are heading. I hope it works out... good luck!
Did you ever figure out a solution to monitor the folder. I am also trying to do the same. Let me know.