423 research outputs found
Challenges and opportunities beyond structured data in analysis of electronic health records
Electronic health records (EHR) contain a lot of valuable information about individual patients and the whole population. Besides structured data, unstructured data in EHRs can provide extra, valuable information but the analytics processes are complex, time-consuming, and often require excessive manual effort. Among unstructured data, clinical text and images are the two most popular and important sources of information. Advanced statistical algorithms in natural language processing, machine learning, deep learning, and radiomics have increasingly been used for analyzing clinical text and images. Although there exist many challenges that have not been fully addressed, which can hinder the use of unstructured data, there are clear opportunities for well-designed diagnosis and decision support tools that efficiently incorporate both structured and unstructured data for extracting useful information and provide better outcomes. However, access to clinical data is still very restricted due to data sensitivity and ethical issues. Data quality is also an important challenge in which methods for improving data completeness, conformity and plausibility are needed. Further, generalizing and explaining the result of machine learning models are important problems for healthcare, and these are open challenges. A possible solution to improve data quality and accessibility of unstructured data is developing machine learning methods that can generate clinically relevant synthetic data, and accelerating further research on privacy preserving techniques such as deidentification and pseudonymization of clinical text
Electronic health record portals in Portugal : a perspective from providers and patients
Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business IntelligenceHealthcare systems are becoming more patient centered, as today’s citizens are more active and more informed. In line with this trend, healthcare providers are promoting the use of online applications such as Electronic Health Record (EHR) portals. EHR portals can be defined as web based applications that combine an EHR system and a patient portal, with the potential of helping to achieve benefits for both patients and healthcare providers, which makes the adoption of EHR portals an important field to study and understand. The aim of this study is to characterize the view from providers and patients on EHR portals, having the Portuguese health system as scenario. The methodology was divided into a provider-centered and a patient-centered approach, being characterized as a mixed-methods research as qualitative and quantitative data collection procedures were followed. Results point out that EHR portals are considered by providers as crucial in the establishment of a digital relationship with patients, but efforts still need to be carried out for the users to adhere to these technologies. Also, the portals available in Portugal are heterogeneous in terms of functionalities offered, greatly differing in terms of number of functionalities. Patients view some functionalities of EHR portals more important than others and half of them are users of the portal developed by the public provider. The statistically determinants of adoption of EHR portals were verified. By having the perspective of providers and users, it was possible to provide insights that can be helpful to develop EHR portals that meet patient demands
Perceptions of online information privacy among individuals with Parkinson\u27s Disease
The growth in Internet use for health care is paralleled by the increase in chronic health
conditions such as Parkinson’s disease (PD). This study explores the perceptions o f online privacy held by individuals with PD. Ten individuals with PD participated in hour-long, semi- structured, in-person interviews. Analysis of the transcripts yielded four major themes regarding participant perceptions: (1) online information privacy, including discussions o f private information, exceptions, and anonymity; (2) media, family, and friends as sources o f knowledge about online information safety; (3) reasons for privacy concerns, including physical vulnerability, the lack o f ‘people’ on the Internet, and attitudes toward privacy and disclosure; and, (4) non-privacy related reasons for non-use o f Internet resources. Highlighted aspects o f participant perceptions include: lack o f awareness concerning privacy legislation and online PD communities, the perceived value of online resources as factual not supportive, and inability to form bonds of trust in online relationships
Language modelling for clinical natural language understanding and generation
One of the long-standing objectives of Artificial Intelligence (AI) is to design and develop algorithms for social good including tackling public health challenges. In the era of digitisation, with an unprecedented amount of healthcare data being captured in digital form, the analysis of the healthcare data at scale can lead to better research of diseases, better monitoring patient conditions and more importantly improving patient outcomes. However, many AI-based analytic algorithms rely solely on structured healthcare data such as bedside measurements and test results which only account for 20% of all healthcare data, whereas the remaining 80% of healthcare data is unstructured including textual data such as clinical notes and discharge summaries which is still underexplored.
Conventional Natural Language Processing (NLP) algorithms that are designed for clinical applications rely on the shallow matching, templates and non-contextualised word embeddings which lead to limited understanding of contextual semantics. Though recent advances in NLP algorithms have demonstrated promising performance on a variety of NLP tasks in the general domain with contextualised language models, most of these generic NLP algorithms struggle at specific clinical NLP tasks which require biomedical knowledge and reasoning. Besides, there is limited research to study generative NLP algorithms to generate clinical reports and summaries automatically by considering salient clinical information.
This thesis aims to design and develop novel NLP algorithms especially clinical-driven contextualised language models to understand textual healthcare data and generate clinical narratives which can potentially support clinicians, medical scientists and patients. The first contribution of this thesis focuses on capturing phenotypic information of patients from clinical notes which is important to profile patient situation and improve patient outcomes. The thesis proposes a novel self-supervised language model, named Phenotypic Intelligence Extraction (PIE), to annotate phenotypes from clinical notes with the detection of contextual synonyms and the enhancement to reason with numerical values. The second contribution is to demonstrate the utility and benefits of using phenotypic features of patients in clinical use cases by predicting patient outcomes in Intensive Care Units (ICU) and identifying patients at risk of specific diseases with better accuracy and model interpretability. The third contribution is to propose generative models to generate clinical narratives to automate and accelerate the process of report writing and summarisation by clinicians. This thesis first proposes a novel summarisation language model named PEGASUS which surpasses or is on par with the state-of-the-art performance on 12 downstream datasets including biomedical literature from PubMed. PEGASUS is further extended to generate medical scientific documents from input tabular data.Open Acces
Context-Based Access for Infrequent Requests in Tanzania\u27s Health Care System
Access control is an important aspect of any information system. It is a way of ensuring that users can only access what they are authorised to and no more. This can be achieved by granting users access to resources based on pre-defined organisational and legislative rules. Although access control has been extensively studied, and as a result, a wide range of access control models, mechanisms and systems have been proposed, specific access control requirements for healthcare systems that needs to support the continuity of care in an accountable manner have not been addressed. This results in a gap between what is required by the application domain and what is actually practised, and thus access control solutions implemented for the domain become too restrictive. The continuity of care is defined as the delivery of seamless health care services to patients through integration, coordination and sharing of information between providers. This thesis, therefore, designs a context-based access control model that allows healthcare professionals to bypass access rules in an accountable manner in case of an infrequent access request involving an emergency situation. This research uses the Tanzania\u27s healthcare system as a case study domain
Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records
We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device
is the most ubiquitous device that people now hold. Due to their portability, availability, easy
of use, communication, access and sharing of information within various domains and areas of
our daily lives, the acceptance and adoption of these devices is still growing. However, due to
their potential and raising numbers, mobile devices are a growing target for attackers and, like
other technologies, mobile applications are still vulnerable.
Health information systems are composed with tools and software to collect, manage, analyze
and process medical information (such as electronic health records and personal health records).
Therefore, such systems can empower the performance and maintenance of health services,
promoting availability, readability, accessibility and data sharing of vital information about a
patients overall medical history, between geographic fragmented health services. Quick access
to information presents a great importance in the health sector, as it accelerates work processes,
resulting in better time utilization. Additionally, it may increase the quality of care.
However health information systems store and manage highly sensitive data, which raises serious
concerns regarding patients privacy and safety, and may explain the still increasing number
of malicious incidents reports within the health domain.
Data related to health information systems are highly sensitive and subject to severe legal
and regulatory restrictions, that aim to protect the individual rights and privacy of patients.
Along side with these legislations, security requirements must be analyzed and measures implemented.
Within the necessary security requirements to access health data, secure authentication,
identity management and access control are essential to provide adequate means to
protect data from unauthorized accesses. However, besides the use of simple authentication
models, traditional access control models are commonly based on predefined access policies
and roles, and are inflexible. This results in uniform access control decisions through people,
different type of devices, environments and situational conditions, and across enterprises, location
and time.
Although already existent models allow to ensure the needs of the health care systems, they still
lack components for dynamicity and privacy protection, which leads to not have desire levels
of security and to the patient not to have a full and easy control of his privacy. Within this
master thesis, after a deep research and review of the stat of art, was published a novel dynamic
access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE),
which can model the inherent differences and security requirements that are present in this
thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing
a risk assessment at the moment of the request. The assessment of the risk factors identified
in this work is based in a Delphi Study. A set of security experts from various domains were
selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates.
SoTRAACE was integrated in an architecture with requirements well-founded, and based
in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in
deep review of the state-of-art. The architecture is further targeted with the essential security
analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric
architecture, with two mobile prototypes for several types of accesses by patients and healthcare
professionals, as well the web servers that handles the access requests, authentication and
identity management.
The proof of concept shows that the model works as expected, with transparency, assuring privacy
and data control to the user without impact for user experience and interaction. It is clear
that the model can be extended to other industry domains, and new levels of risks or attributes
can be added because it is modular. The architecture also works as expected, assuring secure
authentication with multifactor, and secure data share/access based in SoTRAACE decisions.
The communication channel that SoTRAACE uses was also protected with a digital certificate.
At last, the architecture was tested within different Android versions, tested with static and
dynamic analysis and with tests with security tools.
Future work includes the integration of health data standards and evaluating the proposed system
by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que
os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua
portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha
de informação referentes a várias áreas e domínios das nossas vidas, a aceitação e integração
destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número
de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras
tecnologias, aplicações móveis continuam a ser vulneráveis.
Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem
recolher, administrar, analisar e processar informação médica (tais como documentos de saúde
eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos
serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados
vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão
geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande
importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim
numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma
melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e
manuseiam dados bastantes sensíveis, o que levanta sérias preocupações referentes à privacidade
e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do
domínio da saúde.
Os dados de saúde são altamente sensíveis e são sujeitos a severas leis e restrições regulamentares,
que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando
os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança
devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários
para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de
acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos
não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos
tradicionais de controlo de acesso são normalmente baseados em políticas de acesso e cargos
pré-definidos, e são inflexíveis. Isto resulta em decisões de controlo de acesso uniformes para
diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações
e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar
algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso
dinâmico e proteção de privacidade , o que resultam em níveis de segurança não satisfatórios e
em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde.
Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte,
foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as
diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto,
o SoTRAACE agrega atributos de vários ambientes e domínios que ajudam a executar uma avaliação
de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco
identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de
segurança de vários domínios industriais foram selecionados, para classificar o impacto de cada
atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a
dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta
arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque.
Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente
com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis,
que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é
constituída também por servidores web que tratam da gestão de dados, controlo de acesso e
autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado,
com transparência, assegurando a privacidade e o controlo de dados para o utilizador,
sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender
para outros setores industriais, e novos níveis de risco ou atributos podem ser adicionados
a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando
uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões
do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com
um certificado digital.
A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática,
dinâmica e testes com ferramentas de segurança.
Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do
sistema proposto, através da recolha de opiniões de utilizadores no mundo real
- …