Automated Detection of Anomalous Accesses to Electronic Health Records

自动检测电子健康记录的异常访问

基本信息

  • 批准号:
    7938889
  • 负责人:
  • 金额:
    $ 24.21万
  • 依托单位:
  • 依托单位国家:
    美国
  • 项目类别:
  • 财政年份:
    2009
  • 资助国家:
    美国
  • 起止时间:
    2009-09-30 至 2013-09-29
  • 项目状态:
    已结题

项目摘要

DESCRIPTION (provided by applicant): The decreasing cost of information technologies has rapidly enabled the collection, storage, and application of highly sensitive personal information in healthcare environments, which until recently, were dependent on paper documentation, face-to-face interactions, and physical protections for all matters trust-related. As these environments migrate to the electronic setting, it is imperative, as well as our legal and social obligation, to protect the privacy of patients" electronic health records (EHRs) from threats that are external, as well as internal, to healthcare organizations (HCOs). For the most part, the medical informatics and computer science communities have focused on the external threat, which has led to the development of sophisticated information and computer security mechanisms. However, the internal threat has been neglected, mainly due to the dynamic nature of complex HCOs, such as large distributed medical centers. One of the most significant challenges of data protection in HCOs is that we cannot limit service providers' access to the records in mission critical settings. Consider when a hospital patient requires treatment and a care provider's access to their EHR is delayed or denied, the patient may suffer considerable harm or death. Federal regulations, such as the Security Rule of the Health Insurance Portability and Accountability Act, require HCOs to stockpile access logs, but there are no clear mechanisms for auditing beyond simple manual spot checks, which are limited in scope. Thus, the overarching goal of this project to develop automated methods to data mine EHR access logs to detect when potentially privacy-violating accesses have been committed, so that the appropriate authorities may be alerted to follow-up with an investigation. Our primary goal is to develop informatics tools to monitor how users (e.g., physicians) access the records of subjects (e.g., patients) in the system and flag potentially privacy-compromising actions (e.g., an unauthorized "peek"). The proposed tools will integrate HCO knowledge and access log repositories to represent the system as a dynamic social network of teams and business processes that are applied to score the "safety" of each recorded access. The specific objectives of the proposed project are (1) to develop a scientific foundation for automatically learning and modeling the normal business operations of HCOs from EHR access logs, (2) to automatically detect EHR accesses that are suspicious in the context of learned HCO operations, (3) to evaluate our approach with expert feedback, and (4) to implement our approaches in an extendable software tool that is rapidly reconfigurable to any EHR system. In support of these goals, we will evaluate real world access logs from the EHR system of the Vanderbilt University Medical Center, which is a detailed repository with data covering tens of thousands of users and over a million patients. We believe that auditing tools for EHR systems, such as those developed through this research, are crucial to the continued adoption of health information technologies without sacrificing patients' privacy rights.
描述(由申请人提供): 信息技术的降低成本迅速使医疗保健环境中高度敏感的个人信息的收集,存储和应用能够依赖于纸质文档,面对面的互动以及对所有问题相关的物理保护。随着这些环境迁移到电子环境,保护患者的隐私是“电子健康记录(EHR)免受外部和内部的威胁,对医疗保健组织(HCOS)(HCOS)的威胁。在最多的角度上,医疗信息和计算机科学社区对外部威胁进行了机构,该机构是在机构中的发展,该机构是在机构上的发展,该机构的发展范围是多种多样的。忽略了复杂的HCO的动态性质,例如大型分布式医疗中心。需要HCO来库存访问日志,但是除了简单的手动点检查外,没有明确的审核机制,这些机制受到范围的限制。因此,该项目开发自动化方法的总体目标是数据挖掘EHR访问日志,以检测何时实施潜在的隐私竞争访问,以便可以通过调查来提醒适当的当局以进行跟进。我们的主要目标是开发信息学工具,以监视用户(例如,医生)如何访问系统中受试者(例如患者)的记录,并可能会访问潜在的隐私性掌握动作(例如,未经授权的“ PEEK”)。所提出的工具将集成HCO知识和访问日志存储库,以将系统表示为动态的团队和业务流程的社交网络,用于对每个记录的访问权限的“安全性”进行评分。拟议项目的具体目的是(1)为自动学习和建模来自EHR访问日志的HCO的正常业务运营的科学基础,(2)自动检测EHR访问,这些EHR访问在学习的HCO操作的上下文中是可疑的,(3)可以用专家反馈来评估我们的方法,以快速地将我们的求解方法评估我们的方法。为了支持这些目标,我们将评估范德比尔特大学医学中心EHR系统的现实世界访问日志,该系统是一个详细的存储库,其中涵盖了数以万计的用户和超过一百万的患者。我们认为,用于EHR系统的审计工具(例如通过这项研究开发的工具)对于不牺牲患者的隐私权而在不牺牲患者的隐私权的情况下继续采用健康信息技术至关重要。

项目成果

期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)

暂无数据

数据更新时间:2024-06-01

Bradley A. Malin其他文献

Dataset Representativeness and Downstream Task Fairness
数据集代表性和下游任务公平性
  • DOI:
  • 发表时间:
    2024
    2024
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Victor A. Borza;Andrew Estornell;Chien;Bradley A. Malin;Yevgeniy Vorobeychik
    Victor A. Borza;Andrew Estornell;Chien;Bradley A. Malin;Yevgeniy Vorobeychik
  • 通讯作者:
    Yevgeniy Vorobeychik
    Yevgeniy Vorobeychik
APPLICATIONS OF HOMOMORPHIC ENCRYPTION
同态加密的应用
  • DOI:
  • 发表时间:
    2017
    2017
  • 期刊:
  • 影响因子:
    0
  • 作者:
    David Archer;Lily Chen;Jung Hee Cheon;Ran Gilad;Roger A. Hallman;Zhicong Huang;Xiaoqian Jiang;R. Kumaresan;Bradley A. Malin;Heidi Sofia;Yongsoo Song;Shuang Wang
    David Archer;Lily Chen;Jung Hee Cheon;Ran Gilad;Roger A. Hallman;Zhicong Huang;Xiaoqian Jiang;R. Kumaresan;Bradley A. Malin;Heidi Sofia;Yongsoo Song;Shuang Wang
  • 通讯作者:
    Shuang Wang
    Shuang Wang
Protecting Genomic Sequence Anonymity with Generalization Lattices
共 3 条
  • 1
前往

Bradley A. Malin的其他基金

Ethics Core (FABRIC)
道德核心 (FABRIC)
  • 批准号:
    10662376
    10662376
  • 财政年份:
    2023
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
Ethics Core (FABRIC)
道德核心 (FABRIC)
  • 批准号:
    10473062
    10473062
  • 财政年份:
    2022
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    8695427
    8695427
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    9301793
    9301793
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    9193769
    9193769
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    8548389
    8548389
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    9754854
    9754854
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    9360125
    9360125
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    8341447
    8341447
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
A Risk Management Framework for Identifiability in Genomics Research
基因组学研究中可识别性的风险管理框架
  • 批准号:
    8915734
    8915734
  • 财政年份:
    2012
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:

相似海外基金

Automated Detection of Anomalous Accesses to Electronic Health Records
自动检测电子健康记录的异常访问
  • 批准号:
    8323988
    8323988
  • 财政年份:
    2009
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
Automated Detection of Anomalous Accesses to Electronic Health Records
自动检测电子健康记录的异常访问
  • 批准号:
    7766720
    7766720
  • 财政年份:
    2009
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
Automated Detection of Anomalous Accesses to Electronic Health Records
自动检测电子健康记录的异常访问
  • 批准号:
    8139876
    8139876
  • 财政年份:
    2009
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
Program and Planning and Evaluation
计划、规划和评估
  • 批准号:
    7696569
    7696569
  • 财政年份:
    2008
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别:
AIDS Malignancy Clinical Trials Consortium
艾滋病恶性肿瘤临床试验联盟
  • 批准号:
    7689546
    7689546
  • 财政年份:
    2006
  • 资助金额:
    $ 24.21万
    $ 24.21万
  • 项目类别: