SECURITY AND DATA NORMALIZATION COLLABORATION
sharps.org
Discussion by Mark Frisse and Carl Gunter
The Emerging Clusters
- Four groups of activities have emerged
  - Policy rules and modules
  - Audit of EHR access
  - Encryption and trusted base
  - Telemedicine
- Discussion today: areas of possible overlap with SHARPN
  - Discussion of Audit Toolkit
  - Some general discussion questions
Introduction
- Audit is important for EHRs
  - Heavy reliance on accountability
  - Critical trust with patients
- Current techniques are too ad hoc and reactive
- Need audit that is meaningful
- To do this: develop audit techniques that are more portable based on standardized logs
- Extensible Medical Open Audit Toolkit (EMOAT)
  - Carl Gunter, David Liebovitz, Brad Malin, Sanjay Mehrotra together with staff and students
Background and Related Work
- Standards: DICOM, RFC 3881, IHE ATNA, NHIN Audit Log Requests, HL7 PASS Audit
- Analysis
  - Community-based Anomaly Detection (CADS)
  - Patient Flow-based Anomaly Detection (PFADS)
- Process
  - Experience-based Access Management
  - Role-Up Algorithm for role engineering
  - Reporting support for HHS Rule 45 CFR Part 164
Towards Standardized Log Analysis
- Mapped attributes are ones that have a standard semantics
- Mapping type is a pair consisting of required mapped attributes and optional mapped attributes
- Application is compatible if it has the required attributes, may be able to use the others too
- Three focus areas so far
  - The Matrix
  - Role Hierarchies
  - Role Mapping
Analytic Techniques for Scoring
- CADS: Create a social network from joint access to a record. Use kth nearest neighbor to form communities. Look for outliers and their neighbors.
- PFADS: Form a graph from observed transitions between record accesses by users grouped in classes. Rare transitions are considered outliers.
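
A minimal sketch of the PFADS idea above, gated by the kind of mapping-type compatibility check described under "Towards Standardized Log Analysis". It is an added example, not EMOAT code. The attribute names, the choice of required and optional attributes, the 0.2 threshold and the sample log are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Mapping type assumed for this example: attributes the analysis requires,
# plus optional ones it uses when present. Names are illustrative only.
REQUIRED = {"time", "patient", "user_class"}
OPTIONAL = {"user"}

def compatible(log):
    """A log is compatible if every row carries all required mapped attributes."""
    return all(REQUIRED.issubset(row) for row in log)

def transitions(log):
    """Yield (patient, from_class, to_class, user) for consecutive accesses to a record."""
    by_patient = defaultdict(list)
    for row in sorted(log, key=lambda r: r["time"]):
        by_patient[row["patient"]].append(row)
    for patient, seq in by_patient.items():
        for prev, cur in zip(seq, seq[1:]):
            yield patient, prev["user_class"], cur["user_class"], cur.get("user")

def rare_transitions(log, threshold=0.2):
    """Flag transitions whose observed frequency P(to_class | from_class) < threshold."""
    if not compatible(log):
        raise ValueError("log lacks required mapped attributes")
    observed = list(transitions(log))
    edge = Counter((a, b) for _, a, b, _ in observed)   # edge weights of the graph
    out = Counter(a for _, a, _, _ in observed)         # outgoing totals per class
    return [(p, u, a, b, round(edge[a, b] / out[a], 2))
            for p, a, b, u in observed if edge[a, b] / out[a] < threshold]

def sample_log():
    """Constructed audit log: five typical visits plus one unusual hand-off."""
    rows = []
    for i in range(1, 7):
        last = ("u9", "billing") if i == 6 else ("u3", "physician")
        steps = [("u1", "registration"), ("u2", "nurse"), last]
        for n, (user, cls) in enumerate(steps):
            rows.append({"time": 10 * i + n, "patient": f"p{i}",
                         "user": user, "user_class": cls})
    return rows

if __name__ == "__main__":
    for hit in rare_transitions(sample_log()):
        print(hit)
```

A flagged transition is a lead for review rather than a finding: the score only says that this hand-off between user classes is uncommon in the observed log.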
Analytic Techniques for Role Engineering and Reporting
- Role Engineering
  - Role-up: Train a naïve Bayes classifier on actions of roles over an audit set. Use this to predict roles from actions. Choose a parameter to balance specificity and accuracy.
- Reporting
  - Two views: operations and patient
  - Scoring to aid operations
  - Role mapping to aid patients
EMOAT Part 1 of 2
EMOAT Part 2 of 2
CADS Comparison
Reporting Application
Future Work on EBAM/EMOAT
- Continued tuning and testing of the algorithms
- Addressing the scalability and flexibility of EMOAT
- Extensions to HIE:
  - Communication between Cerner and Epic systems within NMH, Illinois controlled substance system
- Extending the Matrix: JHU, AthenaHealth, eClinicalWorks, and GE Centricity.
- Audit workshop?
- Coordination with SHARPN?
the policy “cloud”
[Diagram labels: Policy Synthesis Group (Frisse, lead; Denise, co-lead; McCarthy, analyst); Policy prioritization and synthesis; Selected Research Activities; common use cases & syntax; Laws & Policies; RTI Summaries; Dartmouth Summaries; Developer-readable representation; Formal representation; backward links; Vanderbilt; JHU, NWU; VU ISIS; Stanford; CMU; U of IL; NWU; JHU; Denise; Helen]
Potential discussion
- SHARPn & privacy, consent
- Granularity (e.g., PCAST).
- Roles – access, consent, and encryption
- Test beds – who & for what purpose
- Thinking through the continuum from “top secret” to “information altruists”
- Software tools
Further Discussion
How does SHARPn view the general issue of privacy, consent, and the granularity issues (e.g., PCAST)?
To what extent are SHARPn investigators working through formalizing roles and other issues?
How do people view the continuum from "top secret" to "research for selective reasons" to "total information altruism." How are people thinking about these issues? What approaches seem most apropos?