Team for Research in
Ubiquitous Secure Technology

Citation
John Paulett, Bradley Malin. "Automatic Detection of Policies from Electronic Medical Record Access Logs". Talk or presentation, 11, November, 2008.

Abstract
Healthcare organizations (HCOs) are increasingly adopting clinical information systems for managing patients’ electronic medical records (EMRs). To support these activities, various model-based software platforms, such as Vanderbilt’s Model-Integrated Clinical Information System (MICIS) have been proposed to assist in the rapid development and evaluation of formal systems based on service oriented architectures. At the same time, these systems have integrated robust privacy and security policy specification and validation languages, such as Stanford’s logic based on contextual integrity. However, a significant remaining question is “what policies should be specified for data protection?” This question is difficult to address because healthcare environments are inherently dynamic, such that system have fuzzy underspecified rules, and both users and patients are constantly moving in and out of the system. This paper describes a software tool to automatically assist healthcare organizations in discovering and defining policies for access to their clinical information systems. The Healthcare Organizational Network Extraction Toolkit (HORNET) is an organization-nonspecific Java-based program that mines HCO EMR access logs to determine the underlying workflows and relationships in the system. HORNET performs this task by extracting a social network of users from the access logs and then generating association rules to indicate probabilities and strengths of associations. The system is heavily optimized to handle large networks, such as interactions between thousands of care providers. HORNET leverages novel statistical mechanisms, based on reciprocity in networks, to discover relationships between users and rules across a hospital’s departments. We evaluated HORNET with five months of access logs from the Vanderbilt University Medical Center. The sample started in January 2006 and included 9940 unique care providers and 350,889 unique patients, resulting in over 7.5 million access events. Our findings show that the network, at an individual level is highly volatile over time—82% of relationships no longer exist after 1 week and 90% no longer exist after 5 months. At a global level, though, the network remains stable, as we see a high degree of stability in our rules. We evaluated the rules for their existence and variability over time, in order to discover meaningful rules that can form the basis of defining what is normal for more advanced auditing. This duality quantifies the difficulty with which security administrators have in defining strict access policies and shows that a data mining approach can likely generate stable rules. We have successfully generated association rules which show logical and expected relationships as having high confidence and support. Our research demonstrates the feasibility of mining HCO access logs to discover underlying relationships and workflows in a dynamic setting.

Electronic downloads

• 5%20-%20Paulett.ppt · application/vnd.ms-powerpoint · 2540 kbytes

• HTML

  John Paulett, Bradley Malin. <a
  href="http://www.truststc.org/pubs/476.html"
  ><i>Automatic Detection of Policies from Electronic
  Medical Record Access Logs</i></a>, Talk or
  presentation,  11, November, 2008.

• Plain text

  John Paulett, Bradley Malin. "Automatic Detection of
  Policies from Electronic Medical Record Access Logs".
  Talk or presentation,  11, November, 2008.

• BibTeX

  @presentation{PaulettMalin08_AutomaticDetectionOfPoliciesFromElectronicMedicalRecord,
      author = {John Paulett and Bradley Malin},
      title = {Automatic Detection of Policies from Electronic
                Medical Record Access Logs},
      day = {11},
      month = {November},
      year = {2008},
      abstract = { 	Healthcare organizations (HCOs) are increasingly
                adopting clinical information systems for managing
                patients� electronic medical records (EMRs). To
                support these activities, various model-based
                software platforms, such as Vanderbilt�s
                Model-Integrated Clinical Information System
                (MICIS) have been proposed to assist in the rapid
                development and evaluation of formal systems based
                on service oriented architectures. At the same
                time, these systems have integrated robust privacy
                and security policy specification and validation
                languages, such as Stanford�s logic based on
                contextual integrity. However, a significant
                remaining question is �what policies should be
                specified for data protection?� This question is
                difficult to address because healthcare
                environments are inherently dynamic, such that
                system have fuzzy underspecified rules, and both
                users and patients are constantly moving in and
                out of the system. This paper describes a software
                tool to automatically assist healthcare
                organizations in discovering and defining policies
                for access to their clinical information systems.
                The Healthcare Organizational Network Extraction
                Toolkit (HORNET) is an organization-nonspecific
                Java-based program that mines HCO EMR access logs
                to determine the underlying workflows and
                relationships in the system. HORNET performs this
                task by extracting a social network of users from
                the access logs and then generating association
                rules to indicate probabilities and strengths of
                associations. The system is heavily optimized to
                handle large networks, such as interactions
                between thousands of care providers. HORNET
                leverages novel statistical mechanisms, based on
                reciprocity in networks, to discover relationships
                between users and rules across a hospital�s
                departments. We evaluated HORNET with five months
                of access logs from the Vanderbilt University
                Medical Center. The sample started in January 2006
                and included 9940 unique care providers and
                350,889 unique patients, resulting in over 7.5
                million access events. Our findings show that the
                network, at an individual level is highly volatile
                over time�82% of relationships no longer exist
                after 1 week and 90% no longer exist after 5
                months. At a global level, though, the network
                remains stable, as we see a high degree of
                stability in our rules. We evaluated the rules for
                their existence and variability over time, in
                order to discover meaningful rules that can form
                the basis of defining what is normal for more
                advanced auditing. This duality quantifies the
                difficulty with which security administrators have
                in defining strict access policies and shows that
                a data mining approach can likely generate stable
                rules. We have successfully generated association
                rules which show logical and expected
                relationships as having high confidence and
                support. Our research demonstrates the feasibility
                of mining HCO access logs to discover underlying
                relationships and workflows in a dynamic setting.
                	 },
      URL = {http://www.truststc.org/pubs/476.html}
  }
  

Posted by Jessica Gamble on 23 Jan 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.