Why and Where: A Characterization of Data Provenance
ICDT '01 Proceedings of the 8th International Conference on Database Theory
Auditing compliance with a Hippocratic database
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Provenance in Databases
PolicyReplay: misconfiguration-response queries for data breach reporting
Proceedings of the VLDB Endowment
Detection of anomalous insiders in collaborative environments via relational analysis of access logs
Proceedings of the first ACM conference on Data and application security and privacy
Learning relational policies from electronic health record access logs
Journal of Biomedical Informatics
Hi-index | 0.00 |
Electronic health record systems (EHRs) are increasingly used to store patient medical information. To ensure the responsible use of this data, EHRs collect access logs, which record each access to sensitive data (e.g., a patient's record). Using the access log, it is easy to determine who has accessed a specific medical record. However, in addition to this information, we observe that for various applications such as user-centric auditing, it is also important to understand why each access occurred. In this paper, we study why accesses occur in EHRs. Our goal is to provide an explanation describing why each access occurred (e.g., Dr. Dave accessed Alice's medical record because Dr. Dave has an appointment with Alice). Using data from the University of Michigan Health System, we demonstrate that most accesses to EHRs occur for a valid clinical or operational reason, and often the reason is documented in the EHR database. Specifically, we observe three general types of explanations (direct, group, and consultation), and we show that these explanations can explain over 90% of the accesses in the log. Moreover, we identify collaborative groups that help to explain additional accesses.