Team for Research in Ubiquitous Secure Technology

Automatic Detection of Policies from Electronic Medical Record Access Logs
John Paulett, Bradley Malin

Citation
John Paulett, Bradley Malin. "Automatic Detection of Policies from Electronic Medical Record Access Logs". Talk or presentation, 11, November, 2008.

Abstract
Healthcare organizations (HCOs) are increasingly adopting clinical information systems for managing patients' electronic medical records (EMRs). To support these activities, various model-based software platforms, such as Vanderbilt's Model-Integrated Clinical Information System (MICIS), have been proposed to assist in the rapid development and evaluation of formal systems based on service oriented architectures. At the same time, these systems have integrated robust privacy and security policy specification and validation languages, such as Stanford's logic based on contextual integrity. However, a significant remaining question is "what policies should be specified for data protection?" This question is difficult to address because healthcare environments are inherently dynamic: systems have fuzzy, underspecified rules, and both users and patients are constantly moving in and out of the system. This paper describes a software tool to automatically assist healthcare organizations in discovering and defining policies for access to their clinical information systems. The Healthcare Organizational Network Extraction Toolkit (HORNET) is an organization-nonspecific Java-based program that mines HCO EMR access logs to determine the underlying workflows and relationships in the system. HORNET performs this task by extracting a social network of users from the access logs and then generating association rules to indicate the probabilities and strengths of associations. The system is heavily optimized to handle large networks, such as interactions between thousands of care providers. HORNET leverages novel statistical mechanisms, based on reciprocity in networks, to discover relationships between users and rules across a hospital's departments. We evaluated HORNET with five months of access logs from the Vanderbilt University Medical Center. The sample started in January 2006 and included 9940 unique care providers and 350,889 unique patients, resulting in over 7.5 million access events. Our findings show that the network, at an individual level, is highly volatile over time: 82% of relationships no longer exist after 1 week and 90% no longer exist after 5 months. At a global level, though, the network remains stable, as we see a high degree of stability in our rules. We evaluated the rules for their existence and variability over time, in order to discover meaningful rules that can form the basis of defining what is normal for more advanced auditing. This duality quantifies the difficulty security administrators have in defining strict access policies and shows that a data mining approach can likely generate stable rules. We have successfully generated association rules that show logical and expected relationships as having high confidence and support. Our research demonstrates the feasibility of mining HCO access logs to discover underlying relationships and workflows in a dynamic setting.
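The abstract describes three steps: derive a user-to-user network from who accessed which patient's record, mine association rules (with support and confidence) over that activity, and measure how many individual relationships survive from one time window to the next. The Python below is an added illustration of those three steps on a small constructed access log; it is not HORNET and not the authors' code, and it does not reproduce their reciprocity-based statistics. Two definitions are assumptions made here because the abstract does not fix them: two users are linked when they access the same patient's record on the same calendar day, and a "transaction" for rule mining is the set of departments that touched one patient on one day. The log format (timestamp, user, department, patient) and every user, department and patient identifier are constructed sample data.

```python
"""
Added example (not HORNET, not the authors' code): mine a constructed EMR
access log for (1) a user co-access network, (2) department-level association
rules with support and confidence, and (3) week-over-week churn of that
network. Assumed definitions, chosen for illustration: users are linked when
they access the same patient's record on the same calendar day; a transaction
for rule mining is the set of departments that accessed one patient on one day.
"""
from collections import Counter, defaultdict
from datetime import datetime
from itertools import combinations, permutations

# Constructed sample log (not real data): timestamp,user,department,patient
SAMPLE_LOG = """\
2006-01-02T08:05:00,u_n1,Nursing,p1001
2006-01-02T08:20:00,u_c1,Cardiology,p1001
2006-01-02T09:00:00,u_p1,Pharmacy,p1001
2006-01-03T10:00:00,u_n2,Nursing,p1002
2006-01-03T10:30:00,u_c1,Cardiology,p1002
2006-01-04T11:00:00,u_n1,Nursing,p1003
2006-01-04T11:15:00,u_p1,Pharmacy,p1003
2006-01-05T14:00:00,u_n2,Nursing,p1004
2006-01-05T14:45:00,u_c2,Cardiology,p1004
2006-01-05T15:00:00,u_p2,Pharmacy,p1004
2006-01-09T08:00:00,u_n1,Nursing,p1005
2006-01-09T08:30:00,u_c1,Cardiology,p1005
2006-01-10T09:00:00,u_n3,Nursing,p1006
2006-01-10T09:30:00,u_b1,Billing,p1006
2006-01-11T10:00:00,u_n2,Nursing,p1007
2006-01-11T10:30:00,u_c3,Cardiology,p1007
2006-01-12T13:00:00,u_p1,Pharmacy,p1008
"""


def parse_log(text):
    """Parse CSV lines into (timestamp, user, department, patient) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, user, dept, patient = line.split(",")
        events.append((datetime.fromisoformat(ts), user, dept, patient))
    return events


def group_by_patient_day(events):
    """Bucket accesses by (patient, date); one bucket stands in for one episode of care."""
    buckets = defaultdict(list)
    for ts, user, dept, patient in events:
        buckets[(patient, ts.date())].append((ts, user, dept))
    return buckets


def weekly_networks(events):
    """Return {(iso_year, iso_week): set of frozenset({user_a, user_b})}.

    Every pair of users who touched the same patient on the same day gets an
    undirected edge in that week's network.
    """
    nets = defaultdict(set)
    for (patient, day), accesses in group_by_patient_day(events).items():
        users = {user for _, user, _ in accesses}
        week = day.isocalendar()[:2]
        for a, b in combinations(sorted(users), 2):
            nets[week].add(frozenset((a, b)))
    return dict(nets)


def churn(nets, week_from, week_to):
    """Fraction of week_from's edges that no longer exist in week_to."""
    before = nets.get(week_from, set())
    after = nets.get(week_to, set())
    if not before:
        return 0.0
    return len(before - after) / len(before)


def department_rules(events, min_support, min_confidence):
    """Mine pairwise rules A -> B over department itemsets (one per patient-day).

    support = P(A and B), confidence = P(B | A). Rules below either threshold
    are dropped, so a rule seen once with confidence 1.0 can still be excluded
    by min_support. Sorted by descending support, then confidence.
    """
    transactions = [
        {dept for _, _, dept in accesses}
        for accesses in group_by_patient_day(events).values()
    ]
    n = len(transactions)
    single = Counter()
    pair = Counter()
    for items in transactions:
        single.update(items)
        pair.update(frozenset(p) for p in combinations(sorted(items), 2))
    rules = []
    for a, b in permutations(single, 2):
        both = pair[frozenset((a, b))]
        support = both / n
        confidence = both / single[a]
        if support >= min_support and confidence >= min_confidence:
            rules.append((a, b, round(support, 3), round(confidence, 3)))
    rules.sort(key=lambda r: (-r[2], -r[3], r[0], r[1]))
    return rules


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    nets = weekly_networks(evs)
    print("edges per ISO week:", {w: len(e) for w, e in sorted(nets.items())})
    print("churn week 1 -> week 2:", round(churn(nets, (2006, 1), (2006, 2)), 3))
    for a, b, s, c in department_rules(evs, min_support=0.25, min_confidence=0.7):
        print(f"{a} -> {b}: support={s} confidence={c}")
```

On the constructed log, six of the seven user-to-user edges from the first ISO week are gone in the second (the one survivor is the nurse and cardiologist who co-accessed a patient in both weeks), while the department-level rule Cardiology -> Nursing holds with confidence 1.0 in both weeks. That is the duality the abstract reports: individual relationships churn, aggregate rules stay stable. The Billing -> Nursing rule also has confidence 1.0 but appears in a single transaction, which is why a support threshold matters before a rule is promoted to an auditing baseline.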

Electronic downloads

Citation formats  
  • HTML
    John Paulett, Bradley Malin. <a
    href="http://www.truststc.org/pubs/476.html"
    ><i>Automatic Detection of Policies from Electronic
    Medical Record Access Logs</i></a>, Talk or
    presentation, 11, November, 2008.
  • Plain text
    John Paulett, Bradley Malin. "Automatic Detection of
    Policies from Electronic Medical Record Access Logs".
    Talk or presentation, 11, November, 2008.
  • BibTeX
    @presentation{PaulettMalin08_AutomaticDetectionOfPoliciesFromElectronicMedicalRecord,
        author = {John Paulett and Bradley Malin},
        title = {Automatic Detection of Policies from Electronic
                  Medical Record Access Logs},
        day = {11},
        month = {November},
        year = {2008},
        abstract = {Healthcare organizations (HCOs) are increasingly
                  adopting clinical information systems for managing
                  patients' electronic medical records (EMRs). To
                  support these activities, various model-based
                  software platforms, such as Vanderbilt's
                  Model-Integrated Clinical Information System
                  (MICIS), have been proposed to assist in the rapid
                  development and evaluation of formal systems based
                  on service oriented architectures. At the same
                  time, these systems have integrated robust privacy
                  and security policy specification and validation
                  languages, such as Stanford's logic based on
                  contextual integrity. However, a significant
                  remaining question is "what policies should be
                  specified for data protection?" This question is
                  difficult to address because healthcare
                  environments are inherently dynamic: systems have
                  fuzzy, underspecified rules, and both users and
                  patients are constantly moving in and out of the
                  system. This paper describes a software tool to
                  automatically assist healthcare organizations in
                  discovering and defining policies for access to
                  their clinical information systems. The Healthcare
                  Organizational Network Extraction Toolkit (HORNET)
                  is an organization-nonspecific Java-based program
                  that mines HCO EMR access logs to determine the
                  underlying workflows and relationships in the
                  system. HORNET performs this task by extracting a
                  social network of users from the access logs and
                  then generating association rules to indicate the
                  probabilities and strengths of associations. The
                  system is heavily optimized to handle large
                  networks, such as interactions between thousands of
                  care providers. HORNET leverages novel statistical
                  mechanisms, based on reciprocity in networks, to
                  discover relationships between users and rules
                  across a hospital's departments. We evaluated HORNET
                  with five months of access logs from the Vanderbilt
                  University Medical Center. The sample started in
                  January 2006 and included 9940 unique care providers
                  and 350,889 unique patients, resulting in over 7.5
                  million access events. Our findings show that the
                  network, at an individual level, is highly volatile
                  over time: 82% of relationships no longer exist
                  after 1 week and 90% no longer exist after 5
                  months. At a global level, though, the network
                  remains stable, as we see a high degree of
                  stability in our rules. We evaluated the rules for
                  their existence and variability over time, in
                  order to discover meaningful rules that can form
                  the basis of defining what is normal for more
                  advanced auditing. This duality quantifies the
                  difficulty security administrators have in defining
                  strict access policies and shows that a data mining
                  approach can likely generate stable rules. We have
                  successfully generated association rules that show
                  logical and expected relationships as having high
                  confidence and support. Our research demonstrates
                  the feasibility of mining HCO access logs to
                  discover underlying relationships and workflows in
                  a dynamic setting.},
        URL = {http://www.truststc.org/pubs/476.html}
    }
    

Posted by Jessica Gamble on 23 Jan 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.