SPHER Audit Log Alerts

Monitoring your EHR Logs for Suspicious Activity

Designed to meet specific HIPAA Security and HITECH requirements.

SPHER reviews each user activity, and documents every incident resolution up to 7 years.

All ePHI data sent to SPHER is fully encrypted and hosted in 100% HIPAA compliant data center.

No hardware, no software, no maintenance, no-cost updates. Compatible with Major ONC Certified EHRs.

Behavioral Analytics


SPHER leverages pattern recognition algorithms to determine if there was suspicious behavior within the EHR. It accomplishes this by comparing past behaviors to current behaviors in the audit log file SPHER is actively reviewing.

For example, SPHER may have learned over the past months that an EHR user named John is typically active between 8 AM and 4 PM. In the current audit log file, SPHER notices that John was active on the EHR from 4 PM to 12 midnight which causes SPHER to send you an unusual time of access alert. SPHER works with over 24 EHRs.

Incident Resolution SPHER Learns

SPHER Learns

You log into your customized SPHER dashboard to investigate the incident. You review the incident description, which says it’s for an activity at an unusual time. You know that John’s shift recently changed from 8 PM to 4 AM. Going through the SPHER incident resolution process, you indicate that this behavior is Normal and Permitted.

Based on this feedback, SPHER has now learned that this is normal EHR behavior for John. SPHER will not send an alert the next time it sees EHR activity for John during this new time span. As normal behavior on your EHR changes, SPHER learns and does not send false alerts for behaviors you’ve already indicated are normal.

Refined Process


  • SPHER receives an audit log file from the EHR
  • SPHER reviews all activity in the audit log file for suspicious behavior
  • SPHER sends you an alert when suspicious activity is identified in the audit log file
  • You log into SPHER, review the incidents and determine if they are normal or not

HIPAA Security Standards/Specifications met by SPHER:

Information System Activity Review §164.308(a)(1)(ii)(D) Audit Controls § 164.312(b)

SPHER enables you to meet this requirement by:

  • Reviewing ALL records in the EHR audit log file for suspicious activity
  • Creating a record of how all incidents were resolved and retaining it for 7 years.
    • Monitoring healthcare organizations’ EHR audit log files on a regular basis

Contact sales@f1networks.com for more information.