
1 Role Prediction Using Electronic Medical Record System Audits
Wen Zhang (1), Carl Gunter (3), David Liebovitz (4), Jian Tian (1), Bradley Malin (1,2)
(1) Dept. of Electrical Engineering & Computer Science, Vanderbilt University
(2) Dept. of Biomedical Informatics, Vanderbilt University
(3) Dept. of Computer Science, University of Illinois at Urbana Champaign
(4) Dept. of Medicine, Northwestern University

2 Misuse of EMR Systems is Real
Medical center employees misuse medical record systems to breach privacy

| When | Where | Who |
|------|-------|-----|
| 2007 | Palisades Medical Center | George Clooney |
| 2011 | UCLA | Various Celebrities |

HIPAA Security Rule → Access to EMRs should be limited
The problem is not limited to celebrity snooping
But how?

3 Challenges to Security in EMRs
Basic security principles:
– Least privilege
– Separation of duty
Access control technologies have been around since the 1970s
Information systems often provide role-based access control (RBAC) capability [1]
– Privileges mapped to roles
– Users mapped to privileges
Roles are hard to define, so EMR systems often provide broad access rights
[1] R. Sandhu, E. Coyne, H. Feinstein and C. Youman. IEEE Computer. 1996.

4 In “Rare” Cases – Break the Glass
A user may not have sufficient access rights to perform their job
This model allows users to temporarily escalate privilege
Access is logged and reviewed by an administrator
May require the user to specify a “reason” for access

5 Rare Cases?
Central Norway Health Region enabled break the glass
53,000 of 99,000 patients (54.5%) → broken glass
5,000 of 12,000 users (42.7%) → broke the glass
Over 295,000 logged breakage events in one month

| Role | Users | Invoked Glass Breaks in Past Month |
|------|-------|------------------------------------|
| Nurse | 5633 | 36% |
| Doctor | 2927 | 52% |
| Health Secretary | 1876 | 52% |
| Physiotherapist | 382 | 56% |
| Psychologist | 194 | 58% |

[3] L. Røstad and N. Øystein. Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES)

6 Idea! Refine Access Control Based on Behavior
Experience-based Access Management (EBAM)
Combine static knowledge (RBAC) with actual actions (access logs) and organizational knowledge for feedback control
[Figure: RBAC, EMR Access Logs and Medical Center Knowledge feeding Experience-Based Access Management [2]]
[2] C. Gunter, D. Liebovitz, B. Malin. IEEE Security and Privacy Magazine. 2011.

7 The Role Prediction Problem for EBAM
Use audit logs to predict if a user is associated with a role
Goals:
– Determine if expert-defined job titles are reasonable
– Provide administrators with a better idea of how to refine roles
[Figure: Access Reason, Medical Service and Location of Patient feed a Role Classifier, which outputs Doctor, Nurse, Biller, …]

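8 Evaluation with Cerner EMR of Northwestern Memorial Hospital
Represent users as vectors

Example audit logs

| User | Patient | Time | Service | User Position (Role) | Reason | Location |
|------|---------|------|---------|----------------------|--------|----------|
| u1 | p1 | 8/4/10 | OBSTETRICS | NMH Physician Office - CPOE | Attending Phys/Prov | Ward A |
| u2 | p2 | 12/14/10 | OBSTETRICS | NMH Physician - CPOE | Patient Care | Ward A |
| u23 | p3 | 12/14/10 | PEDIATRICS | Unit Secretary 2 | Unit Secretary Orders | Ward B |

Statistics

| Users | Roles | Reasons | Services | Locations |
|-------|-------|---------|----------|-----------|
| 8095 | 140 | 143 | 43 | 58 |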
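
An added sketch of the "represent users as vectors" step and the role classifier from the two slides above; it is not the authors' code. The slides do not name the classifier, so leave-one-out nearest-centroid matching with cosine similarity is assumed here, and the log rows are constructed.

```python
import math
from collections import Counter, defaultdict
# Constructed audit rows (user, role, service, reason, location); values are made up.
LOG = [
    ("u1", "Physician", "OBSTETRICS", "Attending Phys/Prov", "Ward A"),
    ("u1", "Physician", "OBSTETRICS", "Patient Care", "Ward A"),
    ("u2", "Physician", "OBSTETRICS", "Attending Phys/Prov", "Ward A"),
    ("u3", "Unit Secretary", "PEDIATRICS", "Unit Secretary Orders", "Ward B"),
    ("u4", "Unit Secretary", "PEDIATRICS", "Unit Secretary Orders", "Ward B"),
    ("u4", "Unit Secretary", "OBSTETRICS", "Unit Secretary Orders", "Ward A"),
    ("u5", "Physician", "PEDIATRICS", "Unit Secretary Orders", "Ward B"),
]

def unit(vec):
    """Scale a sparse vector to length 1 so cosine similarity is a dot product."""
    norm = math.sqrt(sum(x * x for x in vec.values())) or 1.0
    return {k: x / norm for k, x in vec.items()}

def user_vectors(log):
    """Return {user: (designated role, unit vector of service/reason/location counts)}."""
    counts, roles = defaultdict(Counter), {}
    for user, role, service, reason, location in log:
        roles[user] = role
        counts[user].update([("service", service), ("reason", reason), ("location", location)])
    return {u: (roles[u], unit(c)) for u, c in counts.items()}

def centroid(vectors):
    total = Counter()
    for v in vectors:
        total.update(v)  # adds the float weights key by key
    return unit(total)   # unit-length sum of the role's member vectors

def predict_roles(log):
    """Leave-one-out: score each user against role centroids built from the others."""
    vecs, predicted = user_vectors(log), {}
    for user, (_, vec) in vecs.items():
        members = defaultdict(list)
        for other, (role, v) in vecs.items():
            if other != user:
                members[role].append(v)
        cents = {r: centroid(vs) for r, vs in members.items()}
        predicted[user] = max(cents, key=lambda r: sum(
            w * cents[r].get(k, 0.0) for k, w in vec.items()))
    return predicted

def mismatches(log):
    """Users whose predicted role differs from the designated one: review candidates."""
    vecs, predicted = user_vectors(log), predict_roles(log)
    return {u: (vecs[u][0], p) for u, p in predicted.items() if p != vecs[u][0]}
```

In the constructed log, u5 carries the Physician title but accesses records the way the unit secretaries do, so it is the only user returned by `mismatches(LOG)`.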

9 Leveraging Role Hierarchies
To assist in role management, we worked with organization experts to build a hierarchy (specialized to Northwestern)
Optimization Tradeoff:
– Goal 1: Accuracy (should increase as we step up in hierarchy)
– Goal 2: Separation of Duty (will increase as we step down)
[Figure: role hierarchy with node labels Employee; Doctor; Specific Clinician; Dietitian; Junior Dietitian; Senior Dietitian; Physician; Nurse; … Levels: Conceptual (5 roles), General (62 roles), Specific (140 roles)]

10 Basis of a “Role-Up” Algorithm
General idea: Audit roles at different levels of the hierarchy
1. Score each role in conceptual position & general position
2. Select role with the highest score & generalize its children
3. Repeat 1 & 2 until a threshold score is reached
Allow administrators to balance between the prediction accuracy and separation of duties (number of roles)

11 Balanced Scoring Function
R measures the extent to which specificity could be kept by the node
A measures the extent to which predictability could be achieved by the node

12 [Figure: role hierarchy with node labels Employee; Doctor; Specific Clinician; Dietary; Junior Dietician; Senior Dietician; Physician; Nurse; Nurse 1; Nurse 2; Physician 1; Physician 2, annotated with scores 0.476, 0.224, 0.410, 0.453, 0.0441. α = 0.5, Threshold = 0.4]

13 [Figure: role hierarchy with node labels Employee; Doctor; Specific Clinician; Dietary; Junior Dietician; Senior Dietician; Physician; Nurse; Nurse 1; Nurse 2, annotated with scores 0.224, 0.410, 0.453, 0.0441. α = 0.5, Threshold = 0.4]

14 [Figure: role hierarchy with node labels Employee; Doctor; Specific Clinician; Dietary; Nurse; Nurse 1; Nurse 2. α = 0.5, Threshold = 0.4]
After one iteration, the role set is {Doctor, Nurse 1, Nurse 2, Dietary}

15 Training & Testing at the Same Level of the Role Hierarchy

| Level | Accuracy |
|-------|----------|
| Conceptual | 82.38% |
| General | 52.45% |
| Specific | 51.34% |

[Figure: hierarchy path Employee; Specific Clinician; Nurse; Nurse 1]

16 Distribution of Accuracy Over the Role Hierarchy
[Figure]

17 Most Predictable Roles

| Rank | Role | Accuracy | Users |
|------|------|----------|-------|
| 1 (tie) | AP-Technologist | 100% | 54 |
| 1 (tie) | ED Assistant | 100% | 26 |
| 1 (tie) | ED NMH Physician-CPOE | 100% | 43 |
| 1 (tie) | NMH Resident/Fellow ID Clinic-CPOE | 100% | 10 |
| 1 (tie) | Patient Care Staff Nurse – Lactation | 100% | 14 |

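18 Least Predictable Roles

| Rank | Role | Accuracy | Users |
|------|------|----------|-------|
| 140 | Patient Care Staff Nurse | 7.6% | 1554 |
| 139 | Rehab OT | 14.3% | 28 |
| 138 | Transfer | 20.0% | 20 |
| 137 | View Only PC 3 | 21.4% | 14 |
| 136 | Patient Care Staff Nurse (Pilot) | 22.1% | 217 |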

19 Number of Users in the Role Can Influence Accuracy
[Figure]

20 Case Study: Most Likely Mispredictions for Patient Care Staff Nurse

| Predicted Role | Prediction |
|----------------|------------|
| Patient Care Staff Nurse - Lactation | 19.6% |
| View Only PC 1 | 14.3% |
| Radiology – Nurse | 14.0% |
| Patient Care Staff Nurse (Pilot) | 10.4% |
| SN-RN/Customer Service | 5.8% |

21 Most Likely Mispredictions

| Original Role | Predicted Role | Probability |
|---------------|----------------|-------------|
| Rehab OT | Rehab PT | 85.7% |
| Patient Care Staff Nurse - Agency | Patient Care Staff Nurse - Lactation | 75.0% |
| Rehab PT | Rehab OT | 60.0% |
| View Only PC 3 | Patient Care Staff Nurse - Lactation | 50.0% |
| Medical Records - Scanner | Medical Records | 47.4% |

22 Parameter Bias Trades Between Accuracy and Separation of Duty

| α | 0.1 | … | 0.8 | 0.9 |
|---|-----|---|-----|-----|
| Number of Roles Recommended | 27 | … | 60 | 64 |
| Accuracy of Role Predictions | 63.3% | … | 51.8% | 51.3% |

Biased toward Accuracy: number of roles is small (27), accuracy is highest (63%)
Biased toward Specificity: number of roles is high (60), accuracy is lower (52%)

23 Conclusion and Future Plans
– EHR audit logs can be analyzed to determine if the users’ behaviors are consistent with their designated job titles
– Role hierarchies enable automatic discovery of appropriate levels of role management
– Plan to expand Role-“up” to allow for Role-“down” and Role-“over”
– Need to evaluate Role-up with real hospital administrators, to assess its usability and acceptance of results

24 Acknowledgements
National Science Foundation
– CCF-024422
– CNS-0964063
National Library of Medicine
– R01-LM010207
Office of the National Coordinator for HIT
– SHARPS (sharps.org)

25 Questions?
wen.zhang.1@vanderbilt.edu

