Just what the doctor ordered: An evaluation of provider preference-based Instrumental Variable methods in observational studies, with application for comparative effectiveness of type 2 diabetes therapy

Instrumental Variables provide a way of addressing bias due to unmeasured confounding when estimating treatment effects using observational data. As instrument prescription preference of individual healthcare providers has been proposed. Because prescription preference is hard to measure and often unobserved, a surrogate measure constructed from available data is often required for the analysis. Different construction methods for this surrogate measure are possible, such as simple rule-based methods which make use of the observed treatment patterns, or more complex model-based methods that employ formal statistical models to explain the treatment behaviour whilst considering measured confounders. The choice of construction method relies on aspects like data availability within provider, missing data in measured confounders, and possible changes in prescription preference over time. In this paper we conduct a comprehensive simulation study to evaluate different construction methods for surrogates of prescription preference under different data conditions, including: different provider sizes, missing covariate data, and change in preference. We also propose a novel model-based construction method to address between provider differences and change in prescription preference. All presented construction methods are exemplified in a case study of the relative glucose lowering effect of two type 2 diabetes treatments in observational data. Our study shows that preference-based Instrumental Variable methods can be a useful tool for causal inference from observational health data. The choice of construction method should be driven by the data condition at hand. Our proposed method is capable of estimating the causal treatment effect without bias in case of sufficient prescription data per provider, changing prescription preference over time and non-ignorable missingness in measured confounders.Comment: 44 pages, 11 figure

Probabilistic Model-Based Safety Analysis

Model-based safety analysis approaches aim at finding critical failure combinations by analysis of models of the whole system (i.e. software, hardware, failure modes and environment). The advantage of these methods compared to traditional approaches is that the analysis of the whole system gives more precise results. Only few model-based approaches have been applied to answer quantitative questions in safety analysis, often limited to analysis of specific failure propagation models, limited types of failure modes or without system dynamics and behavior, as direct quantitative analysis is uses large amounts of computing resources. New achievements in the domain of (probabilistic) model-checking now allow for overcoming this problem. This paper shows how functional models based on synchronous parallel semantics, which can be used for system design, implementation and qualitative safety analysis, can be directly re-used for (model-based) quantitative safety analysis. Accurate modeling of different types of probabilistic failure occurrence is shown as well as accurate interpretation of the results of the analysis. This allows for reliable and expressive assessment of the safety of a system in early design stages

Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

Efficient verification of multi-property designs (The benefit of wrong assumptions)

We consider the problem of efficiently checking a set of safety properties Ρ1,…,Ρk of one design. We introduce a new approach called Ja-verification, where Ja stands for “Just-Assume” (as opposed to “assume-guarantee”). In this approach, when proving a property Pi, one assumes that every property Pj for j ≠ i holds. The process of proving properties either results in showing that Ρ1,.,.,Ρk hold without any assumptions or finding a “debugging set” of properties. The latter identifies a subset of failed properties that are the first to break. The design behaviors that cause the properties in the debugging set to fail must be fixed first. Importantly, in our approach, there is no need to prove the assumptions used. We describe the theory behind our approach and report experimental results that demonstrate substantial gains in performance, especially in the cases where a small debugging set exists

Efficient verification of multi-property designs (The benefit of wrong assumptions)

We consider the problem of efficiently checking a set of safety properties Ρ1,…,Ρk of one design. We introduce a new approach called Ja-verification, where Ja stands for “Just-Assume” (as opposed to “assume-guarantee”). In this approach, when proving a property Pi, one assumes that every property Pj for j ≠ i holds. The process of proving properties either results in showing that Ρ1,.,.,Ρk hold without any assumptions or finding a “debugging set” of properties. The latter identifies a subset of failed properties that are the first to break. The design behaviors that cause the properties in the debugging set to fail must be fixed first. Importantly, in our approach, there is no need to prove the assumptions used. We describe the theory behind our approach and report experimental results that demonstrate substantial gains in performance, especially in the cases where a small debugging set exists