Abstract
In electronic medical record (EMR) systems, administrators often grant EMR users broad access privileges, which may leave the system vulnerable to misuse and abuse. Given that patient care follows a coordinated workflow, we hypothesize that care pathways can be represented as the progression of a patient through a system, and we introduce a strategy to model the patient's flow as a sequence of accesses defined over a graph. Elements in the sequence correspond to features associated with the access transaction (e.g., the reason for access). On this basis, we model patterns of patient record usage, deviations from which may indicate departures from care workflows. We evaluate our approach using several months of data from a large academic medical center. Empirical results show that, under this framework, only a small portion of accesses constitute outliers from such flows. We also observe that the violation patterns differ across types of medical services. Analysis of our results suggests greater deviation from normal access patterns by nonclinical users. We simulate anomalies in the context of real accesses to illustrate the efficiency of the proposed method for different medical services. As an illustration of the capabilities of our method, the area under the receiver operating characteristic (ROC) curve for the Pediatrics service was 0.9166. The results suggest that our approach is competitive with, and often better than, the existing state of the art in outlier detection performance. At the same time, our method is more efficient, by orders of magnitude, than previous approaches, allowing detection over thousands of accesses in seconds.
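The modelling idea stated in the abstract, as an added illustration that is not code from the paper or its authors: each patient's record accesses are ordered in time, each access is reduced to a feature label, and the resulting label sequence is scored as a walk on a directed graph whose edge weights are transition counts learned from a training window. Sequences that use rare or never-seen edges get a high surprise score and are reported together with the edges that explain it. The role/reason feature, the log layout, the Laplace smoothing and the mean-plus-k-standard-deviations threshold are all assumptions made for this example; the sample log rows are constructed.

```python
"""Outlier scoring of EMR access sequences over a transition graph.

Hypothetical illustration of the abstract's idea, not the paper's code.
Feature label = user_role:reason; sequences walk a graph of learned
transition counts; high mean surprise marks a pathway deviation.
"""
from collections import Counter, defaultdict
from math import log
from statistics import mean, pstdev

START, END = "<start>", "<end>"

# Constructed care pathways used to synthesize the training log.
PATHWAY = ["registration:admit", "nurse:triage", "physician:exam",
           "lab:order", "physician:review", "pharmacy:dispense", "billing:claim"]
SHORT_PATHWAY = ["registration:admit", "nurse:triage", "physician:exam",
                 "pharmacy:dispense", "billing:claim"]

def _make_log(patient_id, labels, day):
    """Expand role:reason labels into constructed rows (timestamp, patient, role, reason)."""
    rows = []
    for i, label in enumerate(labels):
        role, reason = label.split(":")
        rows.append((f"2013-03-{day:02d}T{8 + i:02d}:00:00", patient_id, role, reason))
    return rows

# Constructed training log: p1-p4 follow the full pathway, p5-p6 skip the lab step.
TRAINING_LOG = []
for n in range(1, 5):
    TRAINING_LOG += _make_log(f"p{n}", PATHWAY, n)
for n in range(5, 7):
    TRAINING_LOG += _make_log(f"p{n}", SHORT_PATHWAY, n)

# Constructed evaluation log: q1 is normal, q2 is a known variant, q3 files a
# claim right after admission and then shows a role/reason never seen in training.
EVAL_LOG = (_make_log("q1", PATHWAY, 10)
            + _make_log("q2", SHORT_PATHWAY, 11)
            + _make_log("q3", ["registration:admit", "billing:claim",
                               "records:bulk_export"], 12))

def to_sequences(log_rows):
    """Group rows by patient, order by time, wrap each walk in START/END."""
    by_patient = defaultdict(list)
    for ts, pid, role, reason in sorted(log_rows):
        by_patient[pid].append(f"{role}:{reason}")
    return {pid: [START] + labels + [END] for pid, labels in by_patient.items()}

class TransitionGraph:
    """Directed graph of label transitions with Laplace-smoothed probabilities."""

    def __init__(self, sequences, alpha=1.0):
        self.alpha = alpha
        self.edges = defaultdict(Counter)   # edges[src][dst] = training count
        self.vocab = set()
        for seq in sequences.values():
            self.vocab.update(seq)
            for src, dst in zip(seq, seq[1:]):
                self.edges[src][dst] += 1

    def surprise(self, src, dst):
        """-log P(dst | src); one extra smoothing slot covers unseen labels."""
        row = self.edges.get(src, Counter())
        total = sum(row.values())
        p = (row[dst] + self.alpha) / (total + self.alpha * (len(self.vocab) + 1))
        return -log(p)

    def score(self, seq):
        """Mean per-transition surprise of a whole sequence."""
        steps = list(zip(seq, seq[1:]))
        return sum(self.surprise(s, d) for s, d in steps) / len(steps)

    def unseen_edges(self, seq):
        """Transitions never observed in training: the human-readable explanation."""
        return [(s, d) for s, d in zip(seq, seq[1:])
                if self.edges.get(s, Counter())[d] == 0]

def fit_threshold(graph, train_sequences, k=3.0):
    """Flag anything more than k population standard deviations above the training mean."""
    scores = [graph.score(seq) for seq in train_sequences.values()]
    return mean(scores) + k * pstdev(scores)

def detect_outliers(train_log, eval_log, k=3.0):
    """Return {patient: (score, unseen_edges)} for sequences over the threshold."""
    train_seqs = to_sequences(train_log)
    graph = TransitionGraph(train_seqs)
    threshold = fit_threshold(graph, train_seqs, k)
    flagged = {}
    for pid, seq in to_sequences(eval_log).items():
        s = graph.score(seq)
        if s > threshold:
            flagged[pid] = (round(s, 4), graph.unseen_edges(seq))
    return flagged

if __name__ == "__main__":
    for pid, (s, edges) in detect_outliers(TRAINING_LOG, EVAL_LOG).items():
        print(pid, s, edges)
```

The known variant q2 stays under the threshold because its skip-lab edge was seen in training, while q3 is flagged with three never-seen edges that an auditor can read directly; the explanation is what makes the alert actionable rather than the score alone.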
Title: Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits