Team for Research in
Ubiquitous Secure Technology

Learning Privacy Policy from Audit Logs
Bradley Malin

Citation
Bradley Malin. "Learning Privacy Policy from Audit Logs". Talk or presentation, 30, November, 2009.

Abstract
The healthcare community has made considerable strides in the development and deployment of information systems, with particular gains in electronic health records (EHRs). Many EHRs are equipped with role-based access control, but it is seldom practical in mission-critical environments, such as point-of-care hospitals, where roles lack clear and static definitions. The overarching objective of our research is to build technologies that protect patient privacy in complex primary care environments. The goal for this work specifically is in the development of methods that automatically monitor how users (e.g., physicians) access the records of subjects (e.g., patients). We model the system as dynamic teams participating in healthcare business processes and subsequently apply the learned models to score the “safety” of each recorded EHR access. Our pilot study with six-months data from the Vanderbilt University Medical Center, which contains over seven million accesses, has revealed that though there is churn in the teams, there are clear patterns of information use, as well as statistically confirmable anomalies of access. This presentation will illustrate some of the methods our tools apply and the open source framework that is available for evaluation and extension by the research community.

Electronic downloads


Internal. This publication has been marked by the author for use only by the author.
Citation formats  
  • HTML
    Bradley Malin. <a
    href="http://www.truststc.org/pubs/647.html"
    ><i>Learning Privacy Policy from Audit
    Logs</i></a>, Talk or presentation,  30,
    November, 2009.
  • Plain text
    Bradley Malin. "Learning Privacy Policy from Audit
    Logs". Talk or presentation,  30, November, 2009.
  • BibTeX
    @presentation{Malin09_LearningPrivacyPolicyFromAuditLogs,
        author = {Bradley Malin},
        title = {Learning Privacy Policy from Audit Logs},
        day = {30},
        month = {November},
        year = {2009},
        abstract = {The healthcare community has made considerable
                  strides in the development and deployment of
                  information systems, with particular gains in
                  electronic health records (EHRs). Many EHRs are
                  equipped with role-based access control, but it is
                  seldom practical in mission-critical environments,
                  such as point-of-care hospitals, where roles lack
                  clear and static definitions. The overarching
                  objective of our research is to build technologies
                  that protect patient privacy in complex primary
                  care environments. The goal for this work
                  specifically is in the development of methods that
                  automatically monitor how users (e.g., physicians)
                  access the records of subjects (e.g., patients).
                  We model the system as dynamic teams participating
                  in healthcare business processes and subsequently
                  apply the learned models to score the “safety”
                  of each recorded EHR access. Our pilot study with
                  six-months data from the Vanderbilt University
                  Medical Center, which contains over seven million
                  accesses, has revealed that though there is churn
                  in the teams, there are clear patterns of
                  information use, as well as statistically
                  confirmable anomalies of access. This presentation
                  will illustrate some of the methods our tools
                  apply and the open source framework that is
                  available for evaluation and extension by the
                  research community.},
        URL = {http://www.truststc.org/pubs/647.html}
    }
    

Posted by Larry Rohrbough on 5 Nov 2009.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.