Enforcing Minimum Necessary Access in Healthcare Through Integrated Audit and Access Control
Published in Proc. ACM Conference on Bioinformatics, Computational Biology, and Biomedical Informatics Health Informatics Symposium (BCB-HIS), 2013
This paper presents a system for enforcing the minimum necessary access principle in healthcare settings by integrating large-scale audit log analysis with access control mechanisms. Using a Hadoop-based application for statistical analysis of electronic medical record audit logs, the system automatically produces human-readable reports and identifies access patterns that may indicate privacy violations. This technology was subsequently patented by Accenture.
Citation: P. Martin, A. Rubin, R. Bhatti. "Enforcing Minimum Necessary Access in Healthcare Through Integrated Audit and Access Control." Proc. ACM Conference on Bioinformatics, Computational Biology, and Biomedical Informatics Health Informatics Symposium (BCB-HIS), September 2013.
Download Paper