Misuse of 'Break-the-Glass' Policies in Hospitals: Detecting Unauthorized Access to Sensitive Patient Health Data

Heiko Gewald; Benjamin Stark; Heinrich Lautenbacher; Ulrich Haase; Siegmar Ruff

首页> 外文期刊>International journal of information security and privacy >Misuse of 'Break-the-Glass' Policies in Hospitals: Detecting Unauthorized Access to Sensitive Patient Health Data

【24h】

Misuse of 'Break-the-Glass' Policies in Hospitals: Detecting Unauthorized Access to Sensitive Patient Health Data

机译：医院滥用“破例”政策：检测到未经授权的敏感患者健康数据访问

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

This article describes how the information about an individual's personal health is among ones most sensitive and important intangible belongings. When health information is misused, serious non-revertible damage can be caused, e.g. through making intimidating details public or leaking it to employers, insurances etc. Therefore, health information needs to be treated with the highest degree of confidentiality. In practice it proves difficult to achieve this goal. In a hospital setting medical staff across departments often needs to access patient data without directly obvious reasons, which makes it difficult to distinguish legitimate from illegitimate access. This article provides a mechanism to classify transactions at a large university medical center into plausible and questionable data access using a real-life data set of more than 60,000 transactions. The classification mechanism works with minimal data requirements and unsupervised data sets. The results were evaluated through manual cross-checks internally and by a group of external experts. Consequently, the hospital's data protection officer is now able to focus on analyzing questionable transactions instead of checking random samples.

机译：本文介绍了有关个人的个人健康的信息如何成为最敏感和最重要的无形财产之一。如果滥用健康信息，可能会造成严重的不可挽回的损失，例如通过公开令人恐惧的细节或将其泄露给雇主，保险等。因此，健康信息需要以最高机密性进行处理。在实践中，很难实现这一目标。在医院中，跨部门的医务人员经常需要在没有直接明显原因的情况下访问患者数据，这使得很难区分合法访问和非法访问。本文提供了一种机制，可以使用超过60,000笔交易的真实数据集将大型大学医学中心的交易分类为合理和可疑的数据访问。分类机制以最小的数据需求和无监督的数据集工作。通过内部和一组外部专家的手动交叉检查对结果进行了评估。因此，医院的数据保护官现在可以专注于分析可疑交易，而不是检查随机样本。

著录项

来源
《International journal of information security and privacy》 |2018年第3期|100-122|共23页
作者
Heiko Gewald; Benjamin Stark; Heinrich Lautenbacher; Ulrich Haase; Siegmar Ruff;
展开▼
作者单位

Neu-Ulm University of Applied Sciences Neu-Ulm Germany;

University Hospital Tübingen Tübingen Germany;

Klinikum Stuttgart Stuttgart Germany;

DSM DatenSchutzManagement Schurer GmbH Tübingen Germany;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Anomaly Detection; Break-the-Glass Policy; Data Privacy; Data Protection; Hospital; Scoring Model;

机译：异常检测;打破玻璃政策;数据隐私;数据保护;医院;计分模型;

相似文献

外文文献
中文文献
专利

1. PROVIDING DATA SECURITY IN WLAN BY DETECTING UNAUTHORIZED ACCESS POINTS AND ATTACKS [J] . MS.SNEHAL S. BEHEDE, Prof. SANDEEP B. VANJALE, Prof.Dr.P.B.MANE International Journal of Engineering Science and Technology . 2011,第5期

机译：通过检测未经授权的访问点和攻击来提供WLAN中的数据安全性
2. BTG-AC: Break-the-Glass Access Control Model for Medical Data in Wireless Sensor Networks [J] . Htoo Aung Maw, Hannan Xiao, Bruce Christianson, Biomedical and Health Informatics, IEEE Journal of . 2016,第3期

机译：BTG-AC：无线传感器网络中用于医学数据的突破性眼镜访问控制模型
3. Access to unauthorized hepatitis C generics: Perception and knowledge of physicians, pharmacists, patients and non-healthcare professionals [J] . Amandine Garcia, Sascha Moore Boffi, Angèle Gayet-Ageron, PLoS One . 2019,第10期

机译：访问未经授权的丙型肝炎泛型：医师，药剂师，患者和非医疗专业人士的感知和知识
4. Accessing sensitive patient information in ubiquitous healthcare systems [C] . 2010 International Conference for Internet Technology and Secured Transactions . 2010

机译：在无处不在的医疗系统中访问敏感的患者信息
5. Syndrome Surveillance in the Intensive Care Unit: Development of Customized Rules (Data "Sniffers") for Detecting Adverse Events and Specific Time-Sensitive Patient Problems in the ICU. [D] . Herasevich, Vitaly. 2011

机译：重症监护病房的综合征监测：制定用于在ICU中检测不良事件和特定时间敏感性患者问题的自定义规则（数据“嗅探器”）。
6. Data Data Everywhere but Access Remains a Big Issue for Researchers: A Review of Access Policies for Publicly-Funded Patient-Level Health Care Data in the United States [O] . Jalpa A. Doshi, Franklin B. Hendrick, Jennifer S. Graff, -1

机译：数据数据无处不在但访问仍然是研究人员的大问题：美国公共资助的患者级卫生保健数据的访问政策回顾
7. CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy [O] . Nurmamat Helil, Kaysar Rahman 2017

机译：CP-ABE访问控制方案，用于隐藏访问策略和约束策略的敏感数据集约束

Misuse of 'Break-the-Glass' Policies in Hospitals: Detecting Unauthorized Access to Sensitive Patient Health Data

摘要

著录项

相似文献

相关主题

期刊订阅