Machine Learning

, Volume 95, Issue 1, pp 87–101

Detecting inappropriate access to electronic health records using collaborative filtering

  • Aditya Krishna Menon
  • Xiaoqian Jiang
  • Jihoon Kim
  • Jaideep Vaidya
  • Lucila Ohno-Machado
Article

DOI: 10.1007/s10994-013-5376-1

Cite this article as:
Menon, A.K., Jiang, X., Kim, J. et al. Mach Learn (2014) 95: 87. doi:10.1007/s10994-013-5376-1

Abstract

Many healthcare facilities enforce security on their electronic health records (EHRs) through a corrective mechanism: some staff nominally have almost unrestricted access to the records, but there is a strict ex post facto audit process for inappropriate accesses, i.e., accesses that violate the facility’s security and privacy policies. This process is inefficient, as each suspicious access has to be reviewed by a security expert, and is purely retrospective, as it occurs after damage may have been incurred. This motivates automated approaches based on machine learning using historical data. Previous attempts at such a system have successfully applied supervised learning models to this end, such as SVMs and logistic regression. While providing benefits over manual auditing, these approaches ignore the identity of the users and patients involved in a record access. Therefore, they cannot exploit the fact that a patient whose record was previously involved in a violation has an increased risk of being involved in a future violation. Motivated by this, in this paper, we propose a collaborative filtering inspired approach to predicting inappropriate accesses. Our solution integrates both explicit and latent features for staff and patients, the latter acting as a personalized “fingerprint” based on historical access patterns. The proposed method, when applied to real EHR access data from two tertiary hospitals and a file-access dataset from Amazon, shows not only significantly improved performance compared to existing methods, but also provides insights as to what indicates an inappropriate access.

Keywords

Access violation Collaborative filtering Electronic health records Privacy breach detection 

Supplementary material

10994_2013_5376_MOESM1_ESM.pdf (429 kb)
(PDF 430 kB)

Copyright information

© The Author(s) 2013

Authors and Affiliations

  • Aditya Krishna Menon
    • 1
  • Xiaoqian Jiang
    • 1
  • Jihoon Kim
    • 1
  • Jaideep Vaidya
    • 2
  • Lucila Ohno-Machado
    • 1
  1. 1.UC San DiegoLa JollaUSA
  2. 2.Rutgers UniversityNewarkUSA