Detecting Inappropriate Access to Electronic Health Records Using Collaborative Filtering.

TitleDetecting Inappropriate Access to Electronic Health Records Using Collaborative Filtering.
Publication TypeJournal Article
Year of Publication2014
AuthorsMenon, AKrishna, Jiang, X, Kim, J, Vaidya, J, Ohno-Machado, L
JournalMach Learn
Volume95
Issue1
Pagination87-101
Date Published2014 Apr 1
ISSN0885-6125
iDASH CategoryPrivacy Technology
Abstract<p>Many healthcare facilities enforce security on their electronic health records (EHRs) through a corrective mechanism: some staff nominally have almost unrestricted access to the records, but there is a strict ex post facto audit process for inappropriate accesses, i.e., accesses that violate the facility's security and privacy policies. This process is inefficient, as each suspicious access has to be reviewed by a security expert, and is purely retrospective, as it occurs after damage may have been incurred. This motivates automated approaches based on machine learning using historical data. Previous attempts at such a system have successfully applied supervised learning models to this end, such as SVMs and logistic regression. While providing benefits over manual auditing, these approaches ignore the identity of the users and patients involved in a record access. Therefore, they cannot exploit the fact that a patient whose record was previously involved in a violation has an increased risk of being involved in a future violation. Motivated by this, in this paper, we propose a collaborative filtering inspired approach to predicting inappropriate accesses. Our solution integrates both explicit and latent features for staff and patients, the latter acting as a personalized "finger-print" based on historical access patterns. The proposed method, when applied to real EHR access data from two tertiary hospitals and a file-access dataset from Amazon, shows not only significantly improved performance compared to existing methods, but also provides insights as to what indicates an inappropriate access.</p>
DOI10.1007/s10994-013-5376-1
Alternate JournalMach Learn
PubMed ID24683293
PubMed Central IDPMC3967851
Grant ListK99 LM011392 / LM / NLM NIH HHS / United States
R00 LM011392 / LM / NLM NIH HHS / United States
R01 LM009520 / LM / NLM NIH HHS / United States
U54 HL108460 / HL / NHLBI NIH HHS / United States