Team for Research in
Ubiquitous Secure Technology

Citation
Bradley Malin. "Learning Privacy Policy from Audit Logs". Talk or presentation, 30, November, 2009.

Abstract
The healthcare community has made considerable strides in the development and deployment of information systems, with particular gains in electronic health records (EHRs). Many EHRs are equipped with role-based access control, but it is seldom practical in mission-critical environments, such as point-of-care hospitals, where roles lack clear and static definitions. The overarching objective of our research is to build technologies that protect patient privacy in complex primary care environments. The goal for this work specifically is in the development of methods that automatically monitor how users (e.g., physicians) access the records of subjects (e.g., patients). We model the system as dynamic teams participating in healthcare business processes and subsequently apply the learned models to score the “safety” of each recorded EHR access. Our pilot study with six-months data from the Vanderbilt University Medical Center, which contains over seven million accesses, has revealed that though there is churn in the teams, there are clear patterns of information use, as well as statistically confirmable anomalies of access. This presentation will illustrate some of the methods our tools apply and the open source framework that is available for evaluation and extension by the research community.

Electronic downloads

• HTML

  Bradley Malin. <a
  href="http://www.truststc.org/pubs/647.html"
  ><i>Learning Privacy Policy from Audit
  Logs</i></a>, Talk or presentation,  30,
  November, 2009.

• Plain text

  Bradley Malin. "Learning Privacy Policy from Audit
  Logs". Talk or presentation,  30, November, 2009.

• BibTeX

  @presentation{Malin09_LearningPrivacyPolicyFromAuditLogs,
      author = {Bradley Malin},
      title = {Learning Privacy Policy from Audit Logs},
      day = {30},
      month = {November},
      year = {2009},
      abstract = {The healthcare community has made considerable
                strides in the development and deployment of
                information systems, with particular gains in
                electronic health records (EHRs). Many EHRs are
                equipped with role-based access control, but it is
                seldom practical in mission-critical environments,
                such as point-of-care hospitals, where roles lack
                clear and static definitions. The overarching
                objective of our research is to build technologies
                that protect patient privacy in complex primary
                care environments. The goal for this work
                specifically is in the development of methods that
                automatically monitor how users (e.g., physicians)
                access the records of subjects (e.g., patients).
                We model the system as dynamic teams participating
                in healthcare business processes and subsequently
                apply the learned models to score the �safety�
                of each recorded EHR access. Our pilot study with
                six-months data from the Vanderbilt University
                Medical Center, which contains over seven million
                accesses, has revealed that though there is churn
                in the teams, there are clear patterns of
                information use, as well as statistically
                confirmable anomalies of access. This presentation
                will illustrate some of the methods our tools
                apply and the open source framework that is
                available for evaluation and extension by the
                research community.},
      URL = {http://www.truststc.org/pubs/647.html}
  }
  

Posted by Larry Rohrbough on 5 Nov 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.