Security and data normalization collaboration
Download
1 / 17

Security and data normalization collaboration - PowerPoint PPT Presentation


  • 76 Views
  • Uploaded on

Security and data normalization collaboration. Discussion by Mark Frisse and Carl Gunter. sharps.org. The Emerging Clusters. Four groups of activities have emerged Policy rules and modules Audit of EHR access Encryption and trusted base Telemedicine

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Security and data normalization collaboration' - admon


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Security and data normalization collaboration

Security and data normalization collaboration

Discussion by Mark Frisse and Carl Gunter

sharps.org


The emerging clusters
The Emerging Clusters

  • Four groups of activities have emerged

    • Policy rules and modules

    • Audit of EHR access

    • Encryption and trusted base

    • Telemedicine

  • Discussion today: areas of possible overlap with SHARPN

    • Discussion of Audit Toolkit

    • Some general discussion questions


Introduction
Introduction

  • Audit is important for EHRs

    • Heavy reliance on accountability

    • Critical trust with patients

  • Current techniques are too ad hoc and reactive

  • Need audit that is meaningful

  • To do this: develop audit techniques that are more portable based on standardized logs

  • Extensible Medical Open Audit Toolkit (EMOAT)

    • Carl Gunter, David Liebovitz, Brad Malin, Sanjay Mehrotra together with staff and students


Background and related work
Background and Related Work

  • Standards: DICOM, RFC 3881, IHE ATNA, NHIN Audit Log Requests, HL7 PASS Audit

  • Analysis

    • Community-based Anomaly Detection (CADS)

    • Patient Flow-based Anomaly Detection (PFADS)

  • Process

    • Experience-based Access Management

    • Role-Up Algorithm for role engineering

    • Reporting support for HHS Rule 45 CFR Part 164


Towards standardized log analysis
Towards Standardized Log Analysis

  • Mapped attributes are ones that have a standard semantics

  • Mapping type is a pair consisting of required mapped attributes and optional mapped attributes

  • Application is compatible if it has the required attributes, may be able to use the others too

  • Three focus areas so far

    • The Matrix

    • Role Hierarchies

    • Role Mapping


Analytic techniques for scoring
Analytic Techniques for Scoring

  • CADS: Create a social network from joint access to a record. Use k th nearest neighbor to form communities. Look for outliers and their neighbors.

  • PFADS: Form a graph from observed transitions between record accesses by users grouped in classes. Rare transitions are considered outliers.


Analytic techniques for role engineering and reporting
Analytic Techniques for Role Engineering and Reporting

  • Role Engineering

    • Role-up: Train a naïve Bayes classifier on actions of roles over an audit set. Use this to predict roles from actions. Choose a parameter to balance specificity and accuracy.

  • Reporting

    • Two views: operations and patient

    • Scoring to aid operations

    • Role mapping to aid patients






Future work on ebam emoat
Future Work on EBAM/EMOAT

  • Continued tuning and testing of the algorithms

  • Addressing the scalability and flexibility of EMOAT

  • Extensions to HIE:

    • Communication between Cerner and Epic systems within NMH,

    • Illinois controlled substance system

  • Extending the Matrix: JHU, AthenaHealth, eClinicalWorks, and GE Centricity. Audit worshop?

  • Coordination with SHARPN?


Policy prioritization and synthesis
Policy prioritization and synthesis

the policy “cloud”

Denise

Helen

CMU

Stanford

Policy Synthesis Group

Frisse (lead)

Denise (co-lead)

McCarthy (analyst)

commonuse cases& syntax

SelectedResearchActivities

VU ISIS

U Of IL

NWU

JHU

Vanderbilt

JHU, NWU

RTI Summaries

Developer-readablerepresentation

Formalrepresentation

Laws &Policies

Dartmouth Summaries

backward links

backward links

backward links


Potential discussion
Potential discussion

  • SHARPn & privacy, consent

  • Granularity (e.g., PCAST).

  • Roles – access, consent, and encryption

  • Test beds – who & for what purpose

  • Thinking through the continuum from “top secret” to “information altruists”

  • Software tools


Further discussion
Further Discussion

  • How does SHARPn view the general issue of privacy, consent, and the granularity issues (e.g., PCAST).

  • To what extent are SHARPn investigators working through formalizing roles and other issues?

  • How do people view the continuum from "top secret" to "research for selective reasons" to "total information altruism." How are people thinking about these issues? What approaches seem most apropos?


ad