The electronic medical record (EMR) system is a critical component of a modern health information architecture. EMRs are increasingly connected to a diverse array of systems that support healthcare business operations, such as clinical documentation, laboratory reporting, radiology services, pharmaceutical dispensing, and billing. The complexity of this domain creates challenges for ensuring patient data security and compliance with regulations (e.g., HIPAA). Certain challenges are common across domains and have thus been addressed through traditional solutions. For instance, exploits against the external perimeter of EMR systems are mitigated by network-based intrusion detection systems (IDS), hardening operating systems, and updating security patches. Additionally, access control mechanisms have been adopted by EMRs to enforce users' privileges with respect to patient records. Beyond access control, the notion of experience-based access management (EBAM) has been proposed to refine access control assignments via documented user behavior [4].
Other challenges are unique to the clinical domain. First, EMR systems are connected to web portals and exposed to the Internet for a wide range of users (e.g., patients and providers). The vulnerabilities within web-based systems attract various attacks, which are difficult to detect because they exploit the semantics of clinical operations. Second, healthcare organizations use a coarse-grained implementation of access control. This is because access control mechanisms do not scale to manage the large number of clinical functions that can be invoked (e.g., medication ordering, laboratory report editing, consult requests). Third, clinical treatment guidelines are usually too complex to be modeled and explicitly enforced, which may lead to guideline violations by insiders.
Our objective is to build a context-aware anomaly detection system that is customized to the needs of the clinical domain and EMR systems. Our detection system will model the characteristics of EMR systems, monitor the system usage, and detect anomalous user behaviors. This system can help realize the user behavior monitoring component of an EBAM framework.
[1] George S. Avrunin, et al. Rigorously Defining and Analyzing Medical Processes: An Experience Report. MoDELS, 2008.
[2] Anne Miller, et al. A Model-Integrated, Guideline-Driven, Clinical Decision-Support System. IEEE Software, 2009.
[3] Bradley Malin, et al. Detection of anomalous insiders in collaborative environments via relational analysis of access logs. CODASPY '11, 2011.
[4] Carl A. Gunter, et al. Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems. IEEE Security & Privacy, 2011.
[5] Jochen Ludewig, et al. Models in software engineering – an introduction. Software and Systems Modeling, 2003.
[6] Dario A. Giuse, et al. Supporting Communication in an Integrated Patient Record System. AMIA, 2003.
[7] Malek Ben Salem, et al. Detecting Masqueraders: A Comparison of One-Class Bag-of-Words User Behavior Modeling Techniques. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 2010.
[8] Takeo Kanade, et al. Models in Software Engineering. Lecture Notes in Computer Science, 2011.
[9] Bradley Malin, et al. Learning relational policies from electronic health record access logs. J. Biomed. Informatics, 2011.
[10] Xiaowei Li, et al. Towards understanding the usage pattern of web-based electronic medical record systems. 2011 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, 2011.