Accepted for/Published in: JMIR Medical Informatics
Date Submitted: Apr 9, 2020
Date Accepted: Sep 28, 2021
Date Submitted to PubMed: Dec 23, 2021
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
A Systematic Review and Framework for Analyzing Healthcare Security Practice in the Context of Artificial Intelligence and Data-Driven.
ABSTRACT
Background:
Blacklisting malicious activities in healthcare is deemed challenging in relation to access control in healthcare security practices. This is for fear of preventing legitimate accesses for therapeutic reasons. Preventing legitimate access will contravene the availability trait of the confidentiality, integrity and availability (CIA) and may results in worsening health conditions, leading to serious consequences including deaths. So, healthcare staffs are often provided with a wide range of accesses such as “Break the Glass” or “Self-Authorization” mechanism for emergency access. But the broad accesses can undermine the confidentiality and integrity of the sensitive healthcare data. Because huge accesses could be problematic to determine illegitimate accesses in security practices. So, in modelling and analyzing security practice in healthcare, there is a need to assess accesses in healthcare data to determine if the accesses were in line with security policy. The accesses can be tracked in access logs such as network logs, electronic health record (EHR) logs, host system logs or browser history.
Objective:
To address the state-of-the art, a systematic review was conducted to pinpoint appropriate AI methods and data sources that can be used for effective modeling and analysis of healthcare staffs’ security practice. A framework was also developed, based on the review, to provide a comprehensive approach towards effective modeling and analyzing security practice of healthcare staff in the context of access logs.
Methods:
A systematic review was conducted to identify the related methods which can be applied in the modeling and analysis of healthcare security practices. A framework was further developed based on the review results.
Results:
Out of about 130 articles, which were initially identified in the context of human-generated healthcare data for security measures in healthcare, 15 articles were found to meet the inclusion and exclusion criteria. A thorough assessment and analysis of the included article reveals that, KNN, Bayesian Network and Decision Trees (C4.5) algorithms were mostly applied on Electronic Health Records (EHR) Logs and Network logs with varying input features of healthcare staffs’ security practices. Based on the review results, a framework was developed towards implementation. What was found challenging is the performance scores of these algorithms which were not sufficiently outlined in the existing studies
Conclusions:
With identified algorithms and the framework, security practice of healthcare staffs, can then be studied. Deviations of security practices from required healthcare staffs’ security behavior can be examined to define appropriated incentives towards improving conscious care security practice.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.