Illegitimate HIS access by healthcare professionals: scenarios, use cases and audit trail-based detection model

Abstract

Abstract Healthcare institutions face serious security challenges, namely confidentiality, integrity and availability of patient’s data due to the amounts of sensitive data collected on Health Information Systems (HIS) and the complex data management processes in health care. This paper describes scenarios of undue HIS access by staff in healthcare institutions, use cases (UC) that model the activities on HIS and identify the variables on audit trails (AT) logs that can be used to detect illegitimate actions on patients’ data. Firstly, a survey was conducted through discussion meetings with Information Systems Director (ISD), Data Protection Officer (DPO) and a jurist to discuss their concerns about patient data access, followed by interviews to professionals from healthcare institutions to gather information about their routines and HIS access practices. Then, undue access scenarios were described and UC of activities on HIS which allow their detection were modelled. Lastly, necessary log variables were identified in order to produce algorithms for illegitimate accesses detection. UC and variables selected were matched with the specific requirements of Ministers Council Resolution (MCR) nr.41/2018 which provides guidelines for technology to be compliant with General Data Protection Regulations (GDPR). Discussions with ISD, DPO and the jurist, and professionals’ interviews allowed us to describe nine scenarios of undue access. For each scenario we modelled one UC. 32 variables from different type of logs were identified for illegitimate access detection, of which 14 are mandatory according to MCR nr. 41/2018. Despite we might have some limitations related to poor HIS log quality, the mandatory data that logs must comply will be very useful for the development of UC presented. In addition, it is possible to request systems’ vendors the improvement of logs’ data to meet the detail we propose for this model, which may be very useful to comply not only with GDPR requirements but also with the Standard “Management of Information” (MOI.11) of Joint Commission International Standards for Hospitals (JCI) certification. As future work, we intend to develop the algorithms for the UC modelled, that will detect suspicious activities and produce alarmistic in their presence, testing them in real environment of a hospital to help Information Systems department and DPO on investigation and prevention of data breaches.