Exfiltration Monitoring / Exfil Tripwire

AngelTrack monitors all accesses of PHI to track exfiltration counts throughout the day.

Exfiltration Counters

Each time an employee accesses a data record that contains PHI, AngelTrack increments a counter. You can view these counters throughout the day. When the number of records exceeds a preset limit, AngelTrack sends an exfiltration alert to your administrators.

PHI is everywhere in our industry, so a large variety of actions in AngelTrack, as well as calls to its various APIs, are counted as exfiltrations.

Exfiltration Monitor

At any time, you can review current exfiltration counts by employee by visiting the Heartbeat page under Settings.

The page shows all exfiltration counts for all employees who have accessed a significant number of PHI records. Remember that PHI access is normal in our industry, and furthermore certain large reports and ReportBuilder datasets will pull large numbers of PHI records.

Exfiltration Tripwire

AngelTrack has a data exfiltration tripwire that alerts you whenever the exfiltration counter exceeds a limit that you set.

A default tripwire threshold is already set for you, but there is no one-size-fits-all setting, so you must change it to match the pace of your operation. You can modify the tripwire by visiting the Preferences page under Settings and scrolling down to the bottom.

If the tripwire activates, AngelTrack will send an alert message to all employees for whom all of the following are true:

  • Their account is active;
  • They have a secondary-messaging email address configured; and
  • They are Administrator or Principal.

The exfiltration alert will include a chart of all employees who viewed or exported at least 30 records containing PHI at any point during the day so far. Viewing or downloading a full PCR run report or a full PCR NEMSIS XML counts as 5 records.

A harmless exfiltration alert may occur if someone performs archiving, or runs many Report Builder reports that include PHI datasets. Remember that a single Report Builder dataset potentially includes all patients seen across an entire year.

The tripwire automatically resets at 03:15 CST every morning, at which point it is ready to fire again.
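
The counting, threshold and reset rules above can be modelled offline to see how a candidate threshold behaves against a day's activity. This is an added example, not AngelTrack's code: the event-type names, the fixed UTC-6 offset for CST, and the choice to compare the threshold against each employee's own daily count are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

CST = timezone(timedelta(hours=-6))     # assumption: fixed UTC-6, no DST handling
RESET = timedelta(hours=3, minutes=15)  # tripwire resets at 03:15 CST
CHART_MIN = 30                          # alert chart lists employees with >= 30 records
# A full PCR run report or full PCR NEMSIS XML counts as 5 records (from the page).
# The event-type names are hypothetical labels for this model.
WEIGHTS = {"record_view": 1, "pcr_run_report": 5, "pcr_nemsis_xml": 5}

def tripwire_day(ts):
    """Map a timestamp to the monitoring day that begins at 03:15 CST."""
    return (ts.astimezone(CST) - RESET).date()

def replay(events, threshold):
    """Replay (timestamp, employee, event_type) tuples against a threshold.
    Assumption: the threshold applies to each employee's own daily count.
    Returns {day: (employee_who_tripped, chart)}; one alert per day at most.
    """
    counts = defaultdict(lambda: defaultdict(int))
    alerts = {}
    for ts, employee, kind in sorted(events):
        day = tripwire_day(ts)
        counts[day][employee] += WEIGHTS[kind]
        if day not in alerts and counts[day][employee] > threshold:
            # Chart of everyone at or above 30 records "during the day so far".
            chart = {e: n for e, n in counts[day].items() if n >= CHART_MIN}
            alerts[day] = (employee, chart)
    return alerts

def at(day, hour, minute=0):
    return datetime(2024, 1, day, hour, minute, tzinfo=CST)

# Constructed sample data, not real AngelTrack logs.
EVENTS = (
    [(at(10, 9, i), "biller", "record_view") for i in range(40)]
    + [(at(10, 14, i), "qa", "pcr_run_report") for i in range(12)]
    + [(at(11, 2, i), "qa", "pcr_nemsis_xml") for i in range(10)]    # before 03:15: same day
    + [(at(11, 3, 15 + i), "qa", "record_view") for i in range(20)]  # after reset: new day
)

if __name__ == "__main__":
    for limit in (50, 100, 150):
        print(limit, replay(EVENTS, limit))
```

Replaying a routine day and a heavy reporting day at several thresholds shows which setting would stay quiet during normal work.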

AngelTrack LLC monitors data exfiltration rates cluster-wide, but does not intervene for large exfiltrations at a single provider, because these occur routinely during bulk reporting or exports. For further reading on this topic, please refer to the Shared Responsibility Model Guide.