Auditing Medical Records Accesses via Healthcare Interaction Networks

Healthcare organizations are deploying increasingly complex clinical information systems to support patient care. Traditional information security practices (e.g., role-based access control) are embedded in enterprise-level systems, but are insufficient to ensure patient privacy. This is due, in part, to the dynamic nature of healthcare, which makes it difficult to predict which care providers need access to what and when. In this paper, we show that operations modeled at a higher level of granularity (e.g., the departmental level) are stable in the context of a relational network, which may enable more effective auditing strategies. We study three months of access logs from a large academic medical center to illustrate that departmental interaction networks exhibit certain invariants, such as the number, strength, and reciprocity of relationships. We further show that the relations extracted from the network can be leveraged to assess the extent to which a patient's care satisfies expected organizational behavior.
