Illegitimate HIS Access by Healthcare Professionals Detection System Applying an Audit Trail-based Model

Liliana Sá-Correia, Manuel E. Correia, Ricardo Cruz-Correia, Ricardo Cruz-Correia

2020

Abstract

Complex data management on healthcare institutions makes very hard to identify illegitimate accesses which is a serious issue. We propose to develop a system to detect accesses with suspicious behavior for further investigation. We modeled use cases (UC) and sequence diagrams (SD) showing the data flow between users and systems. The algorithms represented by activity diagrams apply rules based on professionals’ routines, use data from an audit trail (AT) and classify accesses as suspicious or normal. The algorithms were evaluated between 23rd and 31st July 2019. The results were analyzed using absolute and relative frequencies and dispersion measures. Access classification was in accordance to rules applied. “Check time of activity” UC had 64,78% of suspicious classifications, being 55% of activity period shorter and 9,78% longer than expected, “Check days of activity” presented 2,27% of suspicious access and “EHR read access” 79%, the highest percentage of suspicious accesses. The results show the first picture of HIS accesses. Deeper analysis to evaluate algorithms sensibility and specificity should be done. Lack of more detailed information about professionals’ routines and systems, and low quality of systems logs are some limitations. Although we believe this is an important step in this field.

Download


Paper Citation


in Harvard Style

Sá-Correia L., Correia M. and Cruz-Correia R. (2020). Illegitimate HIS Access by Healthcare Professionals Detection System Applying an Audit Trail-based Model. In Proceedings of the 13th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2020) - Volume 5: HEALTHINF; ISBN 978-989-758-398-8, SciTePress, pages 539-546. DOI: 10.5220/0008991505390546


in Bibtex Style

@conference{healthinf20,
author={Liliana Sá-Correia and Manuel E. Correia and Ricardo Cruz-Correia},
title={Illegitimate HIS Access by Healthcare Professionals Detection System Applying an Audit Trail-based Model},
booktitle={Proceedings of the 13th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2020) - Volume 5: HEALTHINF},
year={2020},
pages={539-546},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008991505390546},
isbn={978-989-758-398-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 13th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2020) - Volume 5: HEALTHINF
TI - Illegitimate HIS Access by Healthcare Professionals Detection System Applying an Audit Trail-based Model
SN - 978-989-758-398-8
AU - Sá-Correia L.
AU - Correia M.
AU - Cruz-Correia R.
PY - 2020
SP - 539
EP - 546
DO - 10.5220/0008991505390546
PB - SciTePress