Generating Log Requirements for Checking Conformance against Healthcare Standards using Workflow Modelling

The healthcare industry establishes policies and standards to improve the quality of health processes and their delivery. Auditing and monitoring can be used to measure the quality of healthcare and check compliance with the health policies. Appropriate logging mechanisms can be considered as a key component to manage compliance initiatives because they can be used to monitor and audit low performance, malfunctions and unauthorised user activities. However, existing Health Information Systems (HISs) inadequately implement logging mechanisms, making it crucial to be improved for policy compliance. Identification of sufficient logging requirements is one of the major challenges faced by HIS developers. We present a step-wise workflow modelling approach to help identify logging requirements that can facilitate proper auditing against established typical patient journeys and documented healthcare policies and standards. As a case study we develop a healthcare event log file containing sufficient log details which has been merged from different hosts in a HIS in order to gather necessary log details to audit for policy compliance.

[1]  Kees Ahaus,et al.  Understanding how and why audits work: protocol for a realist review of audit programmes to improve hospital care , 2017, BMJ Open.

[2]  Boudewijn F. van Dongen,et al.  Controlling Break-the-Glass through Alignment , 2013, 2013 International Conference on Social Computing.

[3]  Moe Thandar Wynn,et al.  Process Mining for Clinical Processes , 2015, ACM Trans. Manag. Inf. Syst..

[4]  Colin J. Fidge,et al.  Challenges for Log Based Detection of Privacy Violations during Healthcare Emergencies , 2017, GLOBECOM 2017 - 2017 IEEE Global Communications Conference.

[5]  Wendy MacCaull,et al.  Modeling and Verifying Timed Compensable Workflows and an Application to Health Care , 2011, FMICS.

[6]  Remco M. Dijkman,et al.  Semantics and analysis of business process models in BPMN , 2008, Inf. Softw. Technol..

[7]  Jorge Munoz-Gama,et al.  Process mining in healthcare: A literature review , 2016, J. Biomed. Informatics.

[8]  Marite Kirikova,et al.  Towards Extending BPMN with the Knowledge Dimension , 2010, BMMDS/EMMSAD.

[9]  Achim D. Brucker,et al.  Extending access control models with break-glass , 2009, SACMAT '09.

[10]  Michael Huth,et al.  Authorized workflow schemas: deciding realizability through \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\mathsf{LT , 2013, International Journal on Software Tools for Technology Transfer.

[11]  Munindar P. Singh,et al.  Modeling Healthcare Processes Using Commitments: An Empirical Evaluation , 2015, PloS one.

[12]  Daniel Le Métayer,et al.  Log Analysis for Data Protection Accountability , 2013, FM.

[13]  Miklos A. Vasarhelyi,et al.  The case for process mining in auditing: Sources of value added and areas of application , 2013, Int. J. Account. Inf. Syst..

[14]  Hester Vermeulen,et al.  Medication audit and feedback by a clinical pharmacist decrease medication errors at the PICU: An interrupted time series analysis , 2018, Health science reports.

[15]  Suzanne Bakken,et al.  Approaches to Workflow Analysis in Healthcare Settings , 2012, Nursing Informatics.

[16]  Peter F. Edemekong,et al.  Health Insurance Portability and Accountability Act , 2020 .

[17]  R. Sorelle US Department of Health and Human Services gives states wider latitude in choosing services to be covered by Medicaid. , 2001, Circulation.

[18]  Mathias Weske Business Process Management Architectures , 2012 .

[19]  Sandro Etalle,et al.  Behavior analysis in the medical sector: theory and practice , 2018, SAC.

[20]  Helen D. Karatza,et al.  Performance evaluation of cloud-based log file analysis with Apache Hadoop and Apache Spark , 2017, J. Syst. Softw..

[21]  Pasquale Esposito,et al.  Clinical audit, a valuable tool to improve quality of care: General methodology and applications in nephrology. , 2014, World journal of nephrology.

[22]  Limin Jia,et al.  Policy auditing over incomplete logs: theory, implementation and applications , 2011, CCS '11.

[23]  Joint Task Force Transformation Initiative,et al.  Security and Privacy Controls for Federal Information Systems and Organizations , 2013 .

[24]  K. Priya,et al.  Impact of Electronic Prescription Audit Process to Reduce Outpatient Medication Errors , 2017 .

[25]  Tony R. Sahama,et al.  Delegation of access in an information accountability framework for eHealth , 2016, ACSW.

[26]  Eric Breton,et al.  Health policy – why research it and how: health political science , 2014, Health Research Policy and Systems.

[27]  Mark Strembeck,et al.  A UML Extension for Modeling Break-Glass Policies , 2012, EMISA.

[28]  Ali Sunyaev,et al.  Trust is Good, Control is Better: Creating Secure Clouds by Continuous Auditing , 2016, IEEE Transactions on Cloud Computing.

[29]  Colin J. Fidge,et al.  Anatomy of log files: Implications for information accountability measures , 2016, 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom).

[30]  Benny Rochwerger,et al.  A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures , 2011, 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum.

[31]  Romain Laborde,et al.  Specification and Enforcement of Dynamic Authorization Policies Oriented by Situations , 2014, 2014 6th International Conference on New Technologies, Mobility and Security (NTMS).

[32]  Severin Kacianka,et al.  How Accountability is Implemented and Understood in Research Tools - A Systematic Mapping Study , 2017, PROFES.

[33]  Moe Thandar Wynn,et al.  Measuring Patient Flow Variations: A Cross-Organisational Process Mining Approach , 2014, AP-BPM.