Establishing Situational Awareness for Securing Healthcare Patient Records

The healthcare sector is an appealing target to attackers due to the high value of patient data on the black market. Patient data can be profitable to illegal actors either through direct sale or extortion by ransom. Additionally, employees present a persistent threat as they are able to access the data of almost any patient without reprimand. Without proactive monitoring of audit records, data breaches go undetected and employee behaviour is not deterred. In 2016, 450 data breaches occurred affecting more than 27 million patient records. 26.8% of these breaches were due to hacking and ransomware. In May 2017, a global ransomware campaign adversely affected approximately 48 UK hospitals. Response to this attack, named WannaCry, resulted in hospital networks being taken offline, and non-emergency patients being refused care. Hospitals must maintain patient trust and ensure that the information security principles of Integrity, Availability and Confidentiality are applied to Electronic Patient Record EPR data. With over 83% of hospitals adopting EPRs, access to healthcare data needs to be monitored proactively for malicious activity. Therefore, this paper presents research towards a system that uses advanced data analytics techniques to profile user’s behaviour in order to identify patterns and anomalies. Visualisation techniques are then applied to highlight these anomalies to aid the situational awareness of patient privacy officers within healthcare infrastructures

Data Analysis Techniques to Visualise Accesses to Patient Records in Healthcare Infrastructures

Access to Electronic Patient Record (EPR) data is audited heavily within healthcare infrastructures. However, it is often left untouched in a data silo and only accessed on an ad hoc basis. Users with access to the EPR infrastructure are able to access the data of almost any patient without reprimand. Very Important Patients (VIPs) are an exception, for which the audit logs are regularly monitored. Otherwise, only if an official complaint is logged by a patient are audit logs reviewed. Data behaviour within healthcare infrastructures needs proactive monitoring for malicious, erratic or unusual activity. In addition, external threats, such as phishing or social engineering techniques to acquire a clinician’s logon credentials, need to be identified. This paper presents research towards a system which uses data analysis and visualisation techniques deployed in a cloud setting. The system adds to the defence-in-depth of the healthcare infrastructures by understanding patterns of data for profiling users’ behaviour to enable the detection and visualisation of anomalous activities. The results demonstrate the potential of visualising accesses to patient records for the situational awareness of patient privacy officers within healthcare infrastructures

A Review of Blockchain Technology Based Techniques to Preserve Privacy and to Secure for Electronic Health Records

Research has been done to broaden the block chain’s use cases outside of finance since Bitcoin introduced it. One sector where block chain is anticipated to have a big influence is healthcare. Researchers and practitioners in health informatics constantly struggle to keep up with the advancement of this field's new but quickly expanding body of research. This paper provides a thorough analysis of recent studies looking into the application of block chain based technology within the healthcare sector. Electronic health records (EHRs) are becoming a crucial tool for health care practitioners in achieving these objectives and providing high-quality treatment. Technology and regulatory barriers, such as concerns about results and privacy issues, make it difficult to use these technologies. Despite the fact that a variety of efforts have been introduced to focus on the specific privacy and security needs of future applications with functional parameters, there is still a need for research into the application, security and privacy complexities, and requirements of block chain based healthcare applications, as well as possible security threats and countermeasures. The primary objective of this article is to determine how to safeguard electronic health records (EHRs) using block chain technology in healthcare applications. It discusses contemporary HyperLedgerfabrics techniques, Interplanar file storage systems with block chain capabilities, privacy preservation techniques for EHRs, and recommender systems

Securing electronic health records against insider-threats: A supervised machine learning approach

The introduction of electronic health records (EHR) has created new opportunities for efficient patient data management. For example, preventative medical practice, rather than reactive, is possible through the integration of machine learning to mine digital patient record datasets. Furthermore, within the wider smart cities’ infrastructure, EHR has considerable environmental and cost-saving benefits for healthcare providers. Yet, there are inherent dangers to digitising patient records. Considering the sensitive nature of the data, EHR is equally at risk of both external threats and insider attacks, but security applications are predominantly facing the outer boundary of the network. Therefore, in this work, the focus is on insider data misuse detection. The approach involves the use of supervised classification (decision tree, random forest and support vector machine) based off pre-labelled real-world data collated from a UK-based hospital for the detection of EHR data misuse. The results demonstrate that by employing a machine learning approach to analyse EHR data access, anomaly detection can be achieved with a 0.9896 accuracy from a test set and 0.9908 from the validation set using a support vector machine classifier. The emphasis of this research is on the detection of EHR data misuse, through the detection of anomalous behavioural patterns. Based on the results, the recommendation is to adopt an SVM for data misuse/insider threat detection

Advancing Physician Performance Measurement: Using Administrative Data to Assess Physician Quality and Efficiency

Summarizes national initiatives to advance the practice of standardized measurement and outlines goals for developing a method for tracking efficiency and quality that will reward physicians and enable patients to make informed healthcare choices

Social analytics for health integration, intelligence, and monitoring

Nowadays, patient-generated social health data are abundant and Healthcare is changing from the authoritative provider-centric model to collaborative and patient-oriented care. The aim of this dissertation is to provide a Social Health Analytics framework to utilize social data to solve the interdisciplinary research challenges of Big Data Science and Health Informatics. Specific research issues and objectives are described below. The first objective is semantic integration of heterogeneous health data sources, which can vary from structured to unstructured and include patient-generated social data as well as authoritative data. An information seeker has to spend time selecting information from many websites and integrating it into a coherent mental model. An integrated health data model is designed to allow accommodating data features from different sources. The model utilizes semantic linked data for lightweight integration and allows a set of analytics and inferences over data sources. A prototype analytical and reasoning tool called “Social InfoButtons” that can be linked from existing EHR systems is developed to allow doctors to understand and take into consideration the behaviors, patterns or trends of patients’ healthcare practices during a patient’s care. The tool can also shed insights for public health officials to make better-informed policy decisions. The second objective is near-real time monitoring of disease outbreaks using social media. The research for epidemics detection based on search query terms entered by millions of users is limited by the fact that query terms are not easily accessible by non-affiliated researchers. Publically available Twitter data is exploited to develop the Epidemics Outbreak and Spread Detection System (EOSDS). EOSDS provides four visual analytics tools for monitoring epidemics, i.e., Instance Map, Distribution Map, Filter Map, and Sentiment Trend to investigate public health threats in space and time. The third objective is to capture, analyze and quantify public health concerns through sentiment classifications on Twitter data. For traditional public health surveillance systems, it is hard to detect and monitor health related concerns and changes in public attitudes to health-related issues, due to their expenses and significant time delays. A two-step sentiment classification model is built to measure the concern. In the first step, Personal tweets are distinguished from Non-Personal tweets. In the second step, Personal Negative tweets are further separated from Personal Non-Negative tweets. In the proposed classification, training data is labeled by an emotion-oriented, clue-based method, and three Machine Learning models are trained and tested. Measure of Concern (MOC) is computed based on the number of Personal Negative sentiment tweets. A timeline trend of the MOC is also generated to monitor public concern levels, which is important for health emergency resource allocations and policy making. The fourth objective is predicting medical condition incidence and progression trajectories by using patients’ self-reported data on PatientsLikeMe. Some medical conditions are correlated with each other to a measureable degree (“comorbidities”). A prediction model is provided to predict the comorbidities and rank future conditions by their likelihood and to predict the possible progression trajectories given an observed medical condition. The novel models for trajectory prediction of medical conditions are validated to cover the comorbidities reported in the medical literature

Applying machine learning for healthcare: A case study on cervical pain assessment with motion capture

Given the exponential availability of data in health centers and the massive sensorization that is expected, there is an increasing need to manage and analyze these data in an effective way. For this purpose, data mining (DM) and machine learning (ML) techniques would be helpful. However, due to the specific characteristics of the field of healthcare, a suitable DM and ML methodology adapted to these particularities is required. The applied methodology must structure the different stages needed for data-driven healthcare, from the acquisition of raw data to decision-making by clinicians, considering the specific requirements of this field. In this paper, we focus on a case study of cervical assessment, where the goal is to predict the potential presence of cervical pain in patients affected with whiplash diseases, which is important for example in insurance-related investigations. By analyzing in detail this case study in a real scenario, we show how taking care of those particularities enables the generation of reliable predictive models in the field of healthcare. Using a database of 302 samples, we have generated several predictive models, including logistic regression, support vector machines, k-nearest neighbors, gradient boosting, decision trees, random forest, and neural network algorithms. The results show that it is possible to reliably predict the presence of cervical pain (accuracy, precision, and recall above 90%). We expect that the procedure proposed to apply ML techniques in the field of healthcare will help technologists, researchers, and clinicians to create more objective systems that provide support to objectify the diagnosis, improve test treatment efficacy, and save resources