Using statistical and machine learning to help institutions detect suspicious access to electronic health records

Boxwala, Aziz A.; Kim, Jihoon; Grillo, Janice M; Ohno-Machado, Lucila

doi:10.1136/amiajnl-2011-000217

Cited by 73 publications

(61 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Over the past decades, many auditing methods have been presented. Several supervised machine learning approaches, such as logistic regression and support vector machine, have been applied to detect suspicious access [21]. However, relying too much on expected judgments and predefined tags restricts their large-scale promotion.…”

Section: Trusted Third Partymentioning

confidence: 99%

Security and Privacy in the Medical Internet of Things: A Review

Sun

Cai

et al. 2018

Security and Communication Networks

228

128

View full text Add to dashboard Cite

Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety, and care of billions of people after its showing up. Instead of going to the hospital for help, patients' health-related parameters can be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloud storage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount of data handled by MIoT devices grows exponentially, which means higher exposure of sensitive data. The security and privacy of the data collected from MIoT devices, either during their transmission to a cloud or while stored in a cloud, are major unsolved concerns. This paper focuses on the security and privacy requirements related to data flow in MIoT. In addition, we make in-depth study on the existing solutions to security and privacy issues, together with the open challenges and research issues for future work.

show abstract

Section: Trusted Third Partymentioning

confidence: 99%

Security and Privacy in the Medical Internet of Things: A Review

Sun

Cai

et al. 2018

Security and Communication Networks

228

128

View full text Add to dashboard Cite

show abstract

Section: Author Manuscript Author Manuscriptmentioning

confidence: 99%

“…Previous research has used access logs to examine how physicians use EHRs, [13][14][15][16][17][18] to develop local access policies, 19 and to detect suspicious access. 20 We report here on an innovative use of the access log to study primary care physician work effort.Similar to a customs agent stamping an international traveler's passport with the time and place of entry and exit, the EpicCare EHR maintains an access log that tracks many discrete, time-stamped actions associated with patient care. The log records the user, time of access, device from which the EHR was accessed, and section of the EHR section that was accessed (for example, a medication list or lab results).…”

mentioning

confidence: 99%

Electronic Health Record Logs Indicate That Physicians Split Time Evenly Between Seeing Patients And Desktop Medicine

Tai-Seale¹,

et al. 2017

View full text Add to dashboard Cite

Time spent by physicians is a key resource in health care delivery. This study used data captured by the access time stamp functionality of an electronic health record (EHR) to examine physician work effort. This is a potentially powerful, yet unobtrusive, way to study physicians' use of time. We used data on physicians' time allocation patterns captured by over thirty-one million EHR transactions in the period 2011-14 recorded by 471 primary care physicians, who collectively worked on 765,129 patients' EHRs. Our results suggest that the physicians logged an average of 3.08 hours on office visits and 3.17 hours on desktop medicine each day. Desktop medicine consists of activities such as communicating with patients through a secure patient portal, responding to patients' online requests for prescription refills or medical advice, ordering tests, sending staff messages, and reviewing test results. Over time, log records from physicians showed a decline in the time allocated to face-to-face visits, accompanied by an increase in time allocated HHS Public AccessAuthor manuscript Health Aff (Millwood). Author manuscript; available in PMC 2017 August 07. Author Manuscript Author ManuscriptAuthor Manuscript Author Manuscript to desktop medicine. Staffing and scheduling in the physician's office, as well as provider payment models for primary care practice, should account for these desktop medicine efforts.Physician time is a key resource in health services delivery. Understanding how physicians spend their clinical time is essential, given the need to understand practical capacity; guide staffing, scheduling, and support models in the physician's office; and improve the accuracy of payment for physician services. Fee-for-service payments are intended to reflect resources (captured as relative value units, or RVUs) used before, during, and after clinical encounters associated with face-to-face ambulatory care visits. 1-3 Questions have been raised about whether the reports underlying the RVU estimates are accurate and representative of true physician effort in providing patient care services. In the age of electronic health records (EHRs) with patient portals, patients often request services (such as prescription refills and medical advice) online, without face-to-face visits. Physician effort in addressing these online requests was absent from the original RVU calculations. [1][2][3] In addition to physician reports of their own efforts, 2,4,5 researchers have used time-andmotion studies 6 and video 7 and audio recordings. 8 While these methods capture significant physician effort, 6,9-11 they are costly to use and often evaluate only a limited number of physicians. Even the resource-based relative values scale (RBRVS) was built, for some specialties, on survey responses to vignettes from about twenty physicians. 1 This scale is still the chief tool used to determine the periodic updates to the Medicare Fee Schedule. Furthermore, concerns about the Hawthorne effect preclude ongoing, broad-based direct observa...

show abstract

“…In doing so, the AUC indicates the agility of a classifier, where the "best" classifier is the one that maximizes this value. The AUC has been invoked as a common approach for assessing various classification models for information security, such as intrusion detection systems (e.g., [12]), malware detection (e.g., [11]), and auditing techniques for EMRs (e.g., [1]). We recognize the relevance of machine learning (for which AUC is a popular evaluation measure), for information security has been questioned [19].…”

Section: Comparison Of Classification Modelsmentioning

confidence: 99%

“…Much of the work on access control has focused on the prospective decision making, but it has often been pointed out [15,20] that retrospective decision making, in which users beg for forgiveness rather than permission, has some significant advantages. In many applications: (1) it is difficult to determine what access a user requires in advance, (2) denying access to a user with a legitimate need could result in significant inconvenience, expense, or loss, (3) most users are responsible and can be trusted to access resources for legitimate reasons, and (4) accountability (such as disciplinary action) is effective in deterring abuses. An iconic example of such a situation is access to patient records in Electronic Medical Record (EMR) systems, where (1) hospital workflows are complex and commonly involve emergencies and unexpected events, (2) lack of timely access could result in the loss of a patient's life, (3) most healthcare providers are highly trained and ethical professionals, and (4) there are strong penalties for abuse.…”

Section: Introductionmentioning

confidence: 99%

Decide Now or Decide Later?

Zhang

Chen

Cybulski

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

One of the greatest challenges an organization faces is determining when an employee is permitted to utilize a certain resource in a system. This "insider threat" can be addressed through two strategies: i) prospective methods, such as access control, that make a decision at the time of a request, and ii) retrospective methods, such as post hoc auditing, that make a decision in the light of the knowledge gathered afterwards. While it is recognized that each strategy has a distinct set of benefits and drawbacks, there has been little investigation into how to provide system administrators with practical guidance on when one or the other should be applied. To address this problem, we introduce a framework to compare these strategies on a common quantitative scale. In doing so, we translate these strategies into classification problems using a context-based feature space that assesses the likelihood that an access request is legitimate. We then introduce a technique called bispective analysis to compare the performance of the classification models under the situation of non-equivalent costs for false positive and negative instances, a significant extension on traditional cost analysis techniques, such as analysis of the receiver operator characteristic (ROC) curve. Using domain-specific cost estimates and access logs of several months from a large Electronic Medical Record (EMR) system, we demonstrate how bispective analysis can support meaningful decisions about the relative merits of prospective and retrospective decision making for specific types of hospital personnel.

show abstract

Using statistical and machine learning to help institutions detect suspicious access to electronic health records

Cited by 73 publications

References 17 publications

Security and Privacy in the Medical Internet of Things: A Review

Security and Privacy in the Medical Internet of Things: A Review

Electronic Health Record Logs Indicate That Physicians Split Time Evenly Between Seeing Patients And Desktop Medicine

Decide Now or Decide Later?

Contact Info

Product

Resources

About