Learning relational policies from electronic health record access logs

Modern healthcare organizations (HCOs) are composed of complex dynamic teams to ensure clinical operations are executed in a quick and competent manner. At the same time, the fluid nature of such environments hinders administrators' efforts to define access control policies that appropriately balance patient privacy and healthcare functions. Manual efforts to define these policies are labor-intensive and error-prone, often resulting in systems that endow certain care providers with overly broad access to patients' medical records while restricting other providers from legitimate and timely use. In this work, we propose an alternative method to generate these policies by automatically mining usage patterns from electronic health record (EHR) systems. EHR systems are increasingly being integrated into clinical environments and our approach is designed to be generalizable across HCOs, thus assisting in the design and evaluation of local access control policies. Our technique, which is grounded in data mining and social network analysis theory, extracts a statistical model of the organization from the access logs of its EHRs. In doing so, our approach enables the review of predefined policies, as well as the discovery of unknown behaviors. We evaluate our approach with 5 months of access logs from the Vanderbilt University Medical Center and confirm the existence of stable social structures and intuitive business operations. Additionally, we demonstrate that there is significant turnover in the interactions between users in the HCO and that policies learned at the department-level afford greater stability over time.

[1]  Susan M. Bridges,et al.  Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection , 2000, Int. J. Intell. Syst..

[2]  Nicholas H. Lurie,et al.  Searching for Experience on the Web: An Empirical Examination of Consumer Behavior for Search and Experience Goods , 2009 .

[3]  David Young,et al.  Research Paper: Patient Experiences and Attitudes about Access to a Patient Electronic Health Care Record and Linked Web Messaging , 2004, J. Am. Medical Informatics Assoc..

[4]  George Hripcsak,et al.  Emergency Department Access to a Longitudinal Medical Record , 2007, J. Am. Medical Informatics Assoc..

[5]  Suzanne Bakken,et al.  Description of a method to support public health information management: Organizational network analysis , 2007, J. Biomed. Informatics.

[6]  David G. Stork,et al.  Pattern Classification , 1973 .

[7]  Ruth Breu,et al.  Constraint based role based access control in the SECTET-frameworkA model-driven approach , 2008, J. Comput. Secur..

[8]  Catarina Sismeiro,et al.  A Model of Web Site Browsing Behavior Estimated on Clickstream Data , 2003 .

[9]  Herbert S. Lin,et al.  Computational Technology for Effective Health Care: Immediate Steps and Strategic Directions , 2009 .

[10]  Suzanne Bakken,et al.  An automated approach to studying health resource and infobutton use. , 2006, Studies in health technology and informatics.

[11]  B. Mobasher 3 Data Mining for Web Personalization , 2007 .

[12]  Peter S. Fader,et al.  Dynamic Conversion Behavior at E-Commerce Sites , 2004, Manag. Sci..

[13]  George Hripcsak,et al.  Case Report: Using Social Network Analysis within a Department of Biomedical Informatics to Induce a Discussion of Academic Communities of Practice , 2008, J. Am. Medical Informatics Assoc..

[14]  J Mathe,et al.  Model-based Design of Clinical Information Systems , 2008, Methods of Information in Medicine.

[15]  W. Hersh,et al.  Health care information technology: progress and barriers. , 2004, JAMA.

[16]  Parvati Dev,et al.  An analysis of technology usage for streaming digital video in support of a preclinical curriculum , 2000, AMIA.

[17]  Dario A. Giuse,et al.  Supporting Communication in an Integrated Patient Record System , 2003, AMIA.

[18]  A. Wall,et al.  Book ReviewTo Err is Human: building a safer health system Kohn L T Corrigan J M Donaldson M S Washington DC USA: Institute of Medicine/National Academy Press ISBN 0 309 06837 1 $34.95 , 2000 .

[19]  S. Lurie,et al.  Social Network Analysis as a Method of Assessing Institutional Culture: Three Case Studies , 2009, Academic medicine : journal of the Association of American Medical Colleges.

[20]  Stephen P. Borgatti,et al.  Centrality and network flow , 2005, Soc. Networks.

[21]  P. Killworth,et al.  The Problem of Informant Accuracy: The Validity of Retrospective Data , 1984 .

[22]  Jaideep Srivastava,et al.  Web usage mining: discovery and applications of usage patterns from Web data , 2000, SKDD.

[23]  Mark E. J. Newman,et al.  The Structure and Function of Complex Networks , 2003, SIAM Rev..

[24]  Anne F. Kittler,et al.  A cost-benefit analysis of electronic medical records in primary care. , 2003, The American journal of medicine.

[25]  Bernd Blobel,et al.  Modelling privilege management and access control , 2006, Int. J. Medical Informatics.

[26]  Bradley Malin,et al.  Correlating web usage of health information with patient medical data , 2002, AMIA.

[27]  Frank Nagy,et al.  Analysis of medical students' use of Web‐based resources for a gross anatomy and embryology course , 2002, Clinical anatomy.

[28]  James E. Ries,et al.  Data Mining in Medical Record Access Logs , 2001, AMIA.

[29]  Das Amrita,et al.  Mining Association Rules between Sets of Items in Large Databases , 2013 .

[30]  Peter S. Fader,et al.  On the Depth and Dynamics of Online Search Behavior , 2004, Manag. Sci..

[31]  David G. Stork,et al.  Pattern classification, 2nd Edition , 2000 .

[32]  Alon Geva,et al.  Network Analysis of Team Structure in the Neonatal Intensive Care Unit , 2010, Pediatrics.

[33]  R. T. Riley,et al.  Managing change: an overview. , 2000, Journal of the American Medical Informatics Association : JAMIA.

[34]  L. Kohn,et al.  To Err Is Human : Building a Safer Health System , 2007 .

[35]  Jaideep Srivastava,et al.  Web mining: information and pattern discovery on the World Wide Web , 1997, Proceedings Ninth IEEE International Conference on Tools with Artificial Intelligence.

[36]  P. Shekelle,et al.  Systematic Review: Impact of Health Information Technology on Quality, Efficiency, and Costs of Medical Care , 2006, Annals of Internal Medicine.

[37]  Kai Zheng,et al.  Social networks and physician adoption of electronic health records: insights from an empirical study , 2010, J. Am. Medical Informatics Assoc..

[38]  Laurent Boyer,et al.  A social network analysis of healthcare professional relationships in a French hospital. , 2010, International journal of health care quality assurance.

[39]  George Hripcsak,et al.  An Audit Server for Monitoring Usage of Clinical Information Systems , 1998, AMIA.

[40]  Bamshad Mobasher,et al.  Data Mining for Web Personalization , 2007, The Adaptive Web.

[41]  Kenneth D Mandl,et al.  Sharing Medical Data for Health Research: The Early Personal Health Record Experience , 2010, Journal of medical Internet research.

[42]  James J. Cimino,et al.  Automated Discovery of Patient-Specific Clinician Information Needs Using Clinical Information System Log Files , 2003, AMIA.

[43]  Kannan Srinivasan,et al.  Modeling Online Browsing and Path Analysis Using Clickstream Data , 2004 .

[44]  D M D'Alessandro,et al.  Evaluating overall usage of a digital health sciences library. , 1998, Bulletin of the Medical Library Association.

[45]  S.C. Chu,et al.  From component-based to service oriented software architecture for healthcare , 2005, Proceedings of 7th International Workshop on Enterprise networking and Computing in Healthcare Industry, 2005. HEALTHCOM 2005..

[46]  Kathleen M. Carley,et al.  Computational organization science: A new frontier , 2002, Proceedings of the National Academy of Sciences of the United States of America.

[47]  B. Bloom Crossing the Quality Chasm: A New Health System for the 21st Century , 2002 .

[48]  Salvatore J. Stolfo,et al.  A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[49]  Wendy W. Moe,et al.  Capturing evolving visit behavior in clickstream data , 2004 .

[50]  Peter S. Fader,et al.  Path Data in Marketing: An Integrative Framework and Prospectus for Model Building , 2009, Mark. Sci..

[51]  Stanley Wasserman,et al.  Social Network Analysis: Methods and Applications , 1994, Structural analysis in the social sciences.

[52]  Juha Mykkänen,et al.  Designing web services in health information systems: from process to application level. , 2007, International journal of medical informatics.

[53]  G. Eysenbach,et al.  Patient Accessible Electronic Health Records: Exploring Recommendations for Successful Implementation Strategies , 2008, Journal of medical Internet research.

[54]  Kathleen M. Carley,et al.  Research Paper: A Longitudinal Social Network Analysis of the Editorial Boards of Medical Informatics and Bioinformatics Journals , 2007, J. Am. Medical Informatics Assoc..