About the Event

Recent U.S. legislation such as the Affordable Care Act, HIPAA and HITECH outline rules governing the appropriate use of personal health information (PHI). Unfortunately, current technologies do not meet the security requirements of these regulations. In particular, while electronic medical records (EMR) systems maintain detailed audit logs that record each access to PHI, the logs contain too many accesses for compliance officers to practically monitor, putting PHI at risk.

This thesis presents the explanation-based auditing system, which aims to filter appropriate accesses from the audit log so compliance officers can focus their efforts on suspicious behavior. The main observation of the system is that most appropriate accesses to medical records occur for valid clinical or operational reasons in the process of treating a patient, while inappropriate accesses do not. This thesis discusses how explanations for accesses (1) capture these clinical and operational reasons, (2) can be mined directly from the EMR database, (3) can be enhanced by filling in frequently missing types of data, and (4) can drastically reduce the auditing burden.
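The filtering idea described above, as an added illustration that is not the thesis's own code: each audit-log access is checked against explanation templates drawn from EMR tables (an appointment with the accessing physician, or an inferred treatment-team link via department assignment, standing in for the "filling in missing data" step), and only unexplained accesses are left for the compliance officer. The table layouts, time window and all records are constructed assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical, not from any real EMR): an audit log
# of PHI accesses plus two EMR tables that can supply explanations for them.
AUDIT_LOG = [
    {"user": "dr_lee",   "patient": "P1", "time": "2024-03-01 09:05"},
    {"user": "rn_patel", "patient": "P1", "time": "2024-03-01 09:40"},
    {"user": "dr_kim",   "patient": "P2", "time": "2024-03-02 14:00"},
    {"user": "clerk_x",  "patient": "P1", "time": "2024-03-03 23:15"},
]
APPOINTMENTS = [  # patient, attending physician, department, start time
    {"patient": "P1", "physician": "dr_lee", "dept": "cardiology", "time": "2024-03-01 09:00"},
    {"patient": "P2", "physician": "dr_kim", "dept": "oncology",   "time": "2024-03-02 13:30"},
]
STAFF_DEPT = {"rn_patel": "cardiology", "dr_lee": "cardiology", "dr_kim": "oncology"}

WINDOW = timedelta(hours=24)  # assumed: an appointment explains accesses within a day

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def explain(access, appointments=APPOINTMENTS, staff_dept=STAFF_DEPT):
    """Return an explanation string for one access, or None if no template fits."""
    t = _ts(access["time"])
    for appt in appointments:
        if appt["patient"] != access["patient"]:
            continue
        if abs(t - _ts(appt["time"])) > WINDOW:
            continue
        # Template 1: the accessing user is the physician on the appointment.
        if appt["physician"] == access["user"]:
            return f"appointment with {access['user']} on {appt['time']}"
        # Template 2 (fills in a link the log itself lacks): the user works in
        # the department that saw the patient, so a treatment-team link is inferred.
        if staff_dept.get(access["user"]) == appt["dept"]:
            return f"staff in {appt['dept']} during appointment on {appt['time']}"
    return None

def filter_audit_log(log=AUDIT_LOG):
    """Split the log into explained (auto-cleared) and unexplained accesses."""
    explained, suspicious = [], []
    for access in log:
        reason = explain(access)
        (explained if reason else suspicious).append({**access, "reason": reason})
    return explained, suspicious

if __name__ == "__main__":
    cleared, to_review = filter_audit_log()
    print(f"{len(cleared)} of {len(cleared) + len(to_review)} accesses explained")
    for a in to_review:
        print("needs review:", a)
```

Only the late-night access by a user with no appointment or department link to the patient survives the filter; the three clinically explainable accesses are cleared without manual review.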