Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Web usage mining: discovery and applications of usage patterns from Web data
ACM SIGKDD Explorations Newsletter
Web Mining: Information and Pattern Discovery on the World Wide Web
ICTAI '97 Proceedings of the 9th International Conference on Tools with Artificial Intelligence
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
On the Depth and Dynamics of Online Search Behavior
Management Science
Modeling Online Browsing and Path Analysis Using Clickstream Data
Marketing Science
Journal of Biomedical Informatics
Constraint based role based access control in the SECTET-framework: A model-driven approach
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Data mining for web personalization
The adaptive web
Explaining accesses to electronic health records
Proceedings of the 2011 workshop on Data mining for medicine and healthcare
Context-aware anomaly detection for electronic medical record systems
HealthSec'11 Proceedings of the 2nd USENIX conference on Health security and privacy
Proceedings of the VLDB Endowment
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits
ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing
Hi-index | 0.00 |
Modern healthcare organizations (HCOs) are composed of complex dynamic teams to ensure clinical operations are executed in a quick and competent manner. At the same time, the fluid nature of such environments hinders administrators' efforts to define access control policies that appropriately balance patient privacy and healthcare functions. Manual efforts to define these policies are labor-intensive and error-prone, often resulting in systems that endow certain care providers with overly broad access to patients' medical records while restricting other providers from legitimate and timely use. In this work, we propose an alternative method to generate these policies by automatically mining usage patterns from electronic health record (EHR) systems. EHR systems are increasingly being integrated into clinical environments and our approach is designed to be generalizable across HCOs, thus assisting in the design and evaluation of local access control policies. Our technique, which is grounded in data mining and social network analysis theory, extracts a statistical model of the organization from the access logs of its EHRs. In doing so, our approach enables the review of predefined policies, as well as the discovery of unknown behaviors. We evaluate our approach with 5months of access logs from the Vanderbilt University Medical Center and confirm the existence of stable social structures and intuitive business operations. Additionally, we demonstrate that there is significant turnover in the interactions between users in the HCO and that policies learned at the department-level afford greater stability over time.