TY - GEN
T1 - Preemptive mechanism to prevent health data privacy leakage
AU - Faresi, Ahmed A.L.
AU - Wijesekera, Duminda
PY - 2011
Y1 - 2011
N2 - Insider threats in health care systems constitute the majority of patient privacy breaches. To mitigate such insider threats, many research proposals were made to develop anomaly detectors based on past behavior patterns and data mining audit trails to investigate abuses in networks and organizational settings. However, such systems detect rather than prevent breaches. In this paper, we argue that current health security systems do not consider the risk level of the authorized user and lack a reward/penalty mechanism for proper data handling. We propose that building such a tool, as an add-on to an access controller, would help dissuade users from committing privacy breaches. We propose a framework for scoring user behavior regarding privacy risk by drawing concepts from psychology, anomaly detection theory and item response theory. We test our method with synthetic data and demonstrate its efficacy. The model provides improvement in information management, information access, and the training of care providers in handling patient data.
AB - Insider threats in health care systems constitute the majority of patient privacy breaches. To mitigate such insider threats, many research proposals were made to develop anomaly detectors based on past behavior patterns and data mining audit trails to investigate abuses in networks and organizational settings. However, such systems detect rather than prevent breaches. In this paper, we argue that current health security systems do not consider the risk level of the authorized user and lack a reward/penalty mechanism for proper data handling. We propose that building such a tool, as an add-on to an access controller, would help dissuade users from committing privacy breaches. We propose a framework for scoring user behavior regarding privacy risk by drawing concepts from psychology, anomaly detection theory and item response theory. We test our method with synthetic data and demonstrate its efficacy. The model provides improvement in information management, information access, and the training of care providers in handling patient data.
KW - Health information systems
KW - Item response theory (IRT)
KW - Privacy
KW - Risk score
UR - http://www.scopus.com/inward/record.url?scp=84855689897&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84855689897&partnerID=8YFLogxK
U2 - 10.1145/2077489.2077493
DO - 10.1145/2077489.2077493
M3 - Conference contribution
AN - SCOPUS:84855689897
SN - 9781450310475
T3 - Proceedings of the International Conference on Management of Emergent Digital EcoSystems, MEDES'11
SP - 17
EP - 24
BT - Proceedings of the International Conference on Management of Emergent Digital EcoSystems, MEDES'11
T2 - International Conference on Management of Emergent Digital EcoSystems, MEDES'11
Y2 - 21 November 2011 through 23 November 2011
ER -