SPHER: Simplifying the process of monitoring and protecting patient ePHI

The SPHER Solution

SPHER is the frontline defense against the day-to-day threat of patient privacy violations resulting from inappropriate access to PHI. As required by HIPAA, every comprehensive compliance strategy must include User Activity Monitoring, a requirement that SPHER is specifically designed to achieve.

SPHER automatically monitors ALL of the daily activity that occurs on an EHR for suspicious behavior through the analysis of EHR audit logs.  Should suspicious activity occur, SPHER sends an alert, defines the exact details surrounding each incident for investigation, and presents a consistent step-by-step process towards resolution and remediation.

SPHER Workflow

spher workflow thin





SPHER receives an audit log
file from the EHR

SPHER reviews all of the audit log records
for suspicious behavior

SPHER sends you an email alert of
all suspicious activity identified
in the audit log file

You log into SPHER, review the incidents
and determine if it is normal or not

How SPHER Works

Behavioral Analytics


During Step 2 above, SPHER leverages pattern recognition algorithms to determine if there was suspicious behavior on the EHR. It does this by comparing past behaviors to behaviors in the audit log file SPHER is currently reviewing. For example, SPHER may have learned over the past months that an EHR user named John is typically active between 8 AM and 4 PM. In the current audit log file, SPHER notices that John was active on the EHR from 4 PM to 12 midnight which causes SPHER to send you an unusual time of access alert.


Incident Resolution

SPHER Learns

You log into your customized SPHER dashboard to investigate the incident (step 4 above). You review the incident description which says it’s for activity at an unusual time. You know that John’s shift recently changed from 8 PM to 4 AM. Going through the SPHER incident resolution process, you indicate that this behavior is Normal and Permitted. Based on this feedback, SPHER has now learned that this is normal EHR behavior for John and will not send an alert the next time it sees EHR activity for John during this new time span. As normal behavior on your EHR changes, SPHER learns and does not send false alerts for behaviors you’ve already indicated are normal.


SPHER Features

automated audit 600px

Automated Audit

SPHER’s auditing approach is uncompromised. SPHER audits 100% of user action everyday without any additional human interaction. Other approaches to auditing involve only samples of user data and limited date ranges that tell you little of what actually happens on a day-to-day basis.

Incident Detection

SPHER’s analysis of audit logs is accurate. SPHER relies on pattern recognition algorithms capable of learning the complex behavior patterns of all your users. SPHER behavior detectors alert you to truly out-of-the-norm or suspicious user behavior, giving you the insight necessary to respond to the issue and decide whether to take corrective action.

incident detection
incident management

Incident Management

The SPHER dashboard presents a step-by-step process through which you can easily resolve incidents by telling SPHER whether a particular user event is normal or not. During this entire process, SPHER documents your responses to the incidents.

Ready to see SPHER in action?

SPHER can help you prevent patient privacy violations, comply with
HIPAA regulations, as well as proactively monitor, and verify the endless
human interactions with ePHI.