Role prediction using Electronic Medical Record system audits.

Wen Zhang; Carl A. Gunter; David Liebovitz; Jian Tian; Bradley Malin

Role prediction using Electronic Medical Record system audits.

Wen Zhang^*, Carl A. Gunter, David Liebovitz, Jian Tian, Bradley Malin

^*Corresponding author for this work

Medicine, General Medicine Division

Research output: Contribution to journal › Article › peer-review

25 Scopus citations

Abstract

Electronic Medical Records (EMRs) provide convenient access to patient data for parties who should have it, but, unless managed properly, may also provide it to those who should not. Distinguishing the two is a core security challenge for EMRs. Strategies proposed to address these problems include Role Based Access Control (RBAC), which assigns collections of privileges called roles to users, and Experience Based Access Management (EBAM), which analyzes audit logs to determine access rights. In this paper, we integrate RBAC and EBAM through an algorithm, called Roll-Up, to manage roles effectively. In doing so, we introduce the concept of "role prediction" to identify roles from audit data. We apply the algorithm to three months of logs from Northwestern Memorial Hospital's Cerner system with approximately 8000 users and 140 roles. We demonstrate that existing roles can be predicted with 50% accuracy and intelligent grouping of roles through Roll-Up can facilitate 65% accuracy.

Original language	English (US)
Pages (from-to)	858-867
Number of pages	10
Journal	AMIA ... Annual Symposium proceedings / AMIA Symposium. AMIA Symposium
Volume	2011
State	Published - 2011

ASJC Scopus subject areas

General Medicine

Cite this

@article{10c170fa8a4d4a9ca4e161889115eaef,

title = "Role prediction using Electronic Medical Record system audits.",

abstract = "Electronic Medical Records (EMRs) provide convenient access to patient data for parties who should have it, but, unless managed properly, may also provide it to those who should not. Distinguishing the two is a core security challenge for EMRs. Strategies proposed to address these problems include Role Based Access Control (RBAC), which assigns collections of privileges called roles to users, and Experience Based Access Management (EBAM), which analyzes audit logs to determine access rights. In this paper, we integrate RBAC and EBAM through an algorithm, called Roll-Up, to manage roles effectively. In doing so, we introduce the concept of {"}role prediction{"} to identify roles from audit data. We apply the algorithm to three months of logs from Northwestern Memorial Hospital's Cerner system with approximately 8000 users and 140 roles. We demonstrate that existing roles can be predicted with 50% accuracy and intelligent grouping of roles through Roll-Up can facilitate 65% accuracy.",

author = "Wen Zhang and Gunter, {Carl A.} and David Liebovitz and Jian Tian and Bradley Malin",

year = "2011",

language = "English (US)",

volume = "2011",

pages = "858--867",

journal = "AMIA ... Annual Symposium proceedings / AMIA Symposium. AMIA Symposium",

issn = "1559-4076",

publisher = "American Medical Informatics Association",

}

TY - JOUR

T1 - Role prediction using Electronic Medical Record system audits.

AU - Zhang, Wen

AU - Gunter, Carl A.

AU - Liebovitz, David

AU - Tian, Jian

AU - Malin, Bradley

PY - 2011

Y1 - 2011

N2 - Electronic Medical Records (EMRs) provide convenient access to patient data for parties who should have it, but, unless managed properly, may also provide it to those who should not. Distinguishing the two is a core security challenge for EMRs. Strategies proposed to address these problems include Role Based Access Control (RBAC), which assigns collections of privileges called roles to users, and Experience Based Access Management (EBAM), which analyzes audit logs to determine access rights. In this paper, we integrate RBAC and EBAM through an algorithm, called Roll-Up, to manage roles effectively. In doing so, we introduce the concept of "role prediction" to identify roles from audit data. We apply the algorithm to three months of logs from Northwestern Memorial Hospital's Cerner system with approximately 8000 users and 140 roles. We demonstrate that existing roles can be predicted with 50% accuracy and intelligent grouping of roles through Roll-Up can facilitate 65% accuracy.

AB - Electronic Medical Records (EMRs) provide convenient access to patient data for parties who should have it, but, unless managed properly, may also provide it to those who should not. Distinguishing the two is a core security challenge for EMRs. Strategies proposed to address these problems include Role Based Access Control (RBAC), which assigns collections of privileges called roles to users, and Experience Based Access Management (EBAM), which analyzes audit logs to determine access rights. In this paper, we integrate RBAC and EBAM through an algorithm, called Roll-Up, to manage roles effectively. In doing so, we introduce the concept of "role prediction" to identify roles from audit data. We apply the algorithm to three months of logs from Northwestern Memorial Hospital's Cerner system with approximately 8000 users and 140 roles. We demonstrate that existing roles can be predicted with 50% accuracy and intelligent grouping of roles through Roll-Up can facilitate 65% accuracy.

UR - http://www.scopus.com/inward/record.url?scp=84863373113&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84863373113&partnerID=8YFLogxK

M3 - Article

C2 - 22195144

AN - SCOPUS:84863373113

SN - 1559-4076

VL - 2011

SP - 858

EP - 867

JO - AMIA ... Annual Symposium proceedings / AMIA Symposium. AMIA Symposium

JF - AMIA ... Annual Symposium proceedings / AMIA Symposium. AMIA Symposium

ER -

Role prediction using Electronic Medical Record system audits.

Abstract

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this