Abstract
Hospitals have a keen interest to root out unauthorized access of Electronic Health Records (EHRs). The retrospective analysis of suspicious EHR views may help to take preventive measures against such access. However, investigating EHR access manually is labor-intensive and only allows for checking a small sample of cases. We explore how process mining techniques can be used to support the detection of unauthorized views. In the context of EHR access, it is easier to define authorized views with certainty than to detect unauthorized views. Therefore, we propose DEUCE: a methodology that focuses on identifying authorized behavior, such that unauthorized views are distinguished, and can be investigated more in-depth. We evaluate the methodology in the form of a case study at a Dutch hospital. As a result of this study, the hospital has adopted the approach in favor of their traditional approach and unauthorized EHR access is now more efficiently detected.
| Original language | English |
|---|---|
| Publication status | Published - 2021 |
| Event | 29th European Conference on Information Systems, ECIS 2021 - Marrakech, Morocco Duration: 14 Jun 2021 → 16 Jun 2021 Conference number: 29 https://www.ecis2021.com/ |
Conference
| Conference | 29th European Conference on Information Systems, ECIS 2021 |
|---|---|
| Abbreviated title | ECIS |
| Country/Territory | Morocco |
| City | Marrakech |
| Period | 14/06/21 → 16/06/21 |
| Internet address |
Bibliographical note
DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.Keywords
- Process Mining
- Electronic Health Records
- Unauthorized Access
- Security
- Deviations