Many healthcare facilities enforce security on their electronic health records (EHRs) through a corrective mechanism: some staff nominally have almost unrestricted access to the records, but there is a strict ex post facto audit process for inappropriate accesses, i.e., accesses that violate the facility's security and privacy policies. This process is inefficient, as each suspicious access must be reviewed by a security expert, and purely retrospective, as it occurs after damage may already have been incurred. This motivates automated approaches based on machine learning over historical access data. Previous attempts at such a system have successfully applied supervised learning models, such as SVMs and logistic regression, to this task. While these approaches improve on manual auditing, they ignore the identities of the staff member and patient involved in a record access. They therefore cannot exploit the fact that a patient whose record was previously involved in a violation has an increased risk of being involved in a future violation. Motivated by this, we propose a collaborative-filtering-inspired approach to predicting inappropriate accesses. Our solution integrates both explicit and latent features for staff and patients, the latter acting as a personalized "fingerprint" derived from historical access patterns. When applied to real EHR access data from two tertiary hospitals and a file-access dataset from Amazon, the proposed method not only significantly outperforms existing methods but also provides insight into what indicates an inappropriate access.
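A minimal sketch of the kind of model the abstract describes: a logistic model over explicit access features, augmented with jointly trained latent factor vectors ("fingerprints") for each staff member and patient, in the style of collaborative filtering with side information. All data, dimensions, and the SGD optimizer below are illustrative assumptions for the sketch, not the paper's actual feature set or training procedure.

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy sizes (illustrative only): 20 staff users, 30 patients,
# 4 explicit features per access, latent dimension 3.
n_users, n_patients, d, k = 20, 30, 4, 3

# Synthetic access log: (user, patient, explicit features, label=1 if
# the access was flagged as inappropriate).
n = 500
users = rng.integers(0, n_users, n)
patients = rng.integers(0, n_patients, n)
X = rng.normal(size=(n, d))

# Labels depend on one explicit feature plus a hidden per-patient risk,
# mimicking "previously violated" patients being riskier in the future.
patient_risk = rng.normal(size=n_patients)
true_logits = X[:, 0] + patient_risk[patients]
y = (rng.random(n) < 1.0 / (1.0 + np.exp(-true_logits))).astype(float)

# Parameters: global weights on explicit features, plus latent
# "fingerprint" vectors for every user and patient.
w = np.zeros(d)
U = 0.01 * rng.normal(size=(n_users, k))
P = 0.01 * rng.normal(size=(n_patients, k))

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def score(u, p, x):
    """Predicted log-odds that access (u, p, x) is inappropriate."""
    return x @ w + (U[u] * P[p]).sum(axis=-1)

# Plain SGD on the L2-regularized logistic loss.
lr, reg = 0.1, 1e-3
for epoch in range(30):
    for i in rng.permutation(n):
        u, p, x = users[i], patients[i], X[i]
        g = sigmoid(score(u, p, x)) - y[i]  # d(log-loss)/d(logit)
        w_new = w - lr * (g * x + reg * w)
        U_new = U[u] - lr * (g * P[p] + reg * U[u])
        P_new = P[p] - lr * (g * U[u] + reg * P[p])
        w, U[u], P[p] = w_new, U_new, P_new

preds = sigmoid(score(users, patients, X))
acc = float(((preds > 0.5) == y).mean())
log_loss = float(-np.mean(y * np.log(preds + 1e-12)
                          + (1 - y) * np.log(1 - preds + 1e-12)))
```

The latent term `(U[u] * P[p]).sum(axis=-1)` is what lets the model raise the risk score for a patient whose record has appeared in past violations, even when the explicit features of a new access look benign; a model with only the `x @ w` term cannot do this.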