How Region Värmland uses LogPoint for medical record logging to protect patient integrity

Usually SIEM is about monitoring and analyzing log data coming from the IT infrastructure such as firewalls, routers, applications, and the like. But in Region Värmland in Sweden, LogPoint is at work logging medical record views. This helps Region Värmland to better comply with patient data laws, and safeguard citizens‘ integrity.

Background

Located in the western part of the country, bordering Norway, Region Värmland is one of 21 Regions in Sweden. The region is responsible for the healthcare and dental care of approx. 280.000 citizens. There are about 30 health centers in Värmland, and three hospitals are situated in the towns of Karlstad, Arvika, and Torsby across the region. 

The Swedish Patient Data Act (In Swedish ”Patientdata-lagen”) protects the integrity of citizens by only allowing healthcare professionals who have an active care relation with the patient to access their medical records. As an example, a doctor or nurse may not access the medical records of their neighbor or spouse without a care relation. To lock down all records and provide access on a need-to-know basis is unsustainable, as it is impossible to predict what records medical professionals need to access in case of an emergency.

The strength of the LogPoint solution is that we don’t have to spend unnecessary time on investigating false positives and that we check all logs. Not only logs chosen at random. This way, we comply to the legal requirements of effective log auditing.

Joakim Bengtzon, IT Security Manager, Region Värmland
Region Varmland Joakim Bengtzon

The challenge

With 7.500 employees in hospitals and health care centers, the number of medical record views in Region Värmland quickly became unmanageable. Since the handling of medical records hadn’t evolved significantly since 2006, and the data that needed to be managed from an increasing number of users and patients only grew, the old ways of working were due for an overhaul.

„Previously, we did random checks to see which record views violated the patient data act. But the cases that were discovered, were discovered by chance,“ says Joakim Bengtzon, IT security manager at Region Värmland.

The solution:

Download the full case to learn how Region Värmland uses LogPoint for medical record logging and protect patient integrity: