{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T17:07:36Z","timestamp":1767978456014,"version":"3.49.0"},"reference-count":64,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2013,12,1]],"date-time":"2013-12-01T00:00:00Z","timestamp":1385856000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100005982","name":"Office of the National Coordinator for Health Information Technology","doi-asserted-by":"publisher","award":["HHS-90TR0003\/01"],"award-info":[{"award-number":["HHS-90TR0003\/01"]}],"id":[{"id":"10.13039\/100005982","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CCF-0424422, CNS-0964063"],"award-info":[{"award-number":["CCF-0424422, CNS-0964063"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000002","name":"National Institutes of Health","doi-asserted-by":"publisher","award":["R01-LM010207"],"award-info":[{"award-number":["R01-LM010207"]}],"id":[{"id":"10.13039\/100000002","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0424422, CNS-0964063"],"award-info":[{"award-number":["CCF-0424422, CNS-0964063"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2013,12]]},"abstract":"<jats:p>In electronic medical record (EMR) systems, administrators often provide EMR users with broad access privileges, which may leave the system vulnerable to misuse and abuse. Given that patient care is based on a coordinated workflow, we hypothesize that care pathways can be represented as the progression of a patient through a system and introduce a strategy to model the patient\u2019s flow as a sequence of accesses defined over a graph. Elements in the sequence correspond to features associated with the access transaction (e.g., reason for access). Based on this motivation, we model patterns of patient record usage, which may indicate deviations from care workflows. We evaluate our approach using several months of data from a large academic medical center. Empirical results show that this framework finds a small portion of accesses constitute outliers from such flows. We also observe that the violation patterns deviate for different types of medical services. Analysis of our results suggests greater deviation from normal access patterns by nonclinical users. We simulate anomalies in the context of real accesses to illustrate the efficiency of the proposed method for different medical services. As an illustration of the capabilities of our method, it was observed that the area under the receiver operating characteristic (ROC) curve for the Pediatrics service was found to be 0.9166. The results suggest that our approach is competitive with, and often better than, the existing state-of-the-art in its outlier detection performance. At the same time, our method is more efficient, by orders of magnitude, than previous approaches, allowing for detection of thousands of accesses in seconds.<\/jats:p>","DOI":"10.1145\/2544102","type":"journal-article","created":{"date-parts":[[2014,4,23]],"date-time":"2014-04-23T13:52:04Z","timestamp":1398261124000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits"],"prefix":"10.1145","volume":"4","author":[{"given":"He","family":"Zhang","sequence":"first","affiliation":[{"name":"Northwestern University"}]},{"given":"Sanjay","family":"Mehotra","sequence":"additional","affiliation":[{"name":"Northwestern University"}]},{"given":"David","family":"Liebovitz","sequence":"additional","affiliation":[{"name":"Northwestern University"}]},{"given":"Carl A.","family":"Gunter","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Bradley","family":"Malin","sequence":"additional","affiliation":[{"name":"Vanderbilt University"}]}],"member":"320","published-online":{"date-parts":[[2013,12]]},"reference":[{"key":"e_1_2_1_1_1","first-page":"61","article-title":"Think a privacy breach couldn\u2019t happen at your facility","volume":"12","author":"Amatayakul M.","year":"2009","unstructured":"Amatayakul , M. 2009 . Think a privacy breach couldn\u2019t happen at your facility ? Hospital Financial Manage. 12 , 61 -- 65 . Amatayakul, M. 2009. Think a privacy breach couldn\u2019t happen at your facility? Hospital Financial Manage. 12, 61--65.","journal-title":"Hospital Financial Manage."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJIEM.2010.035624"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the American Medical Informatics Association Annual Symposium. 855","author":"Asaro P. V.","unstructured":"Asaro , P. V. and Ries , J. E . 2001. Data mining in medical record access logs . In Proceedings of the American Medical Informatics Association Annual Symposium. 855 . Asaro, P. V. and Ries, J. E. 2001. Data mining in medical record access logs. In Proceedings of the American Medical Informatics Association Annual Symposium. 855."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1197\/jamia.M1471"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.01.010"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1780014.1780028"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijmedinf.2003.11.018"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1177\/1077558709343295"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1136\/amiajnl-2011-000217"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1377\/hlthaff.2010.0503"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1197\/jamia.M2042"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.316.7125.133"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1050.0041"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.7326\/0003-4819-144-10-200605160-00125"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cor.2004.03.019"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943524"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the American Medical Informatics Association Annual Symposium. 93--102","author":"Chen Y.","unstructured":"Chen , Y. , Nyemba , S. , and Malin , B . 2012a. Auditing medical records accesses via healthcare interaction networks . In Proceedings of the American Medical Informatics Association Annual Symposium. 93--102 . Chen, Y., Nyemba, S., and Malin, B. 2012a. Auditing medical records accesses via healthcare interaction networks. In Proceedings of the American Medical Informatics Association Annual Symposium. 93--102."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1186\/2190-8532-1-5"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2006.08.002"},{"key":"e_1_2_1_20_1","first-page":"108","article-title":"Compliance with HIPAA security standards in U.S. hospitals","volume":"20","author":"Davis D.","year":"2006","unstructured":"Davis , D. and Having , K. 2006 . Compliance with HIPAA security standards in U.S. hospitals . J. Healthcare Inform. Manage. 20 , 108 -- 115 . Davis, D. and Having, K. 2006. Compliance with HIPAA security standards in U.S. hospitals. J. Healthcare Inform. Manage. 20, 108--115.","journal-title":"J. Healthcare Inform. Manage."},{"key":"e_1_2_1_21_1","first-page":"34","article-title":"A guide to California\u2019s breaches: First year of state reporting requirement reveals common privacy violations","volume":"81","author":"Dimick C.","year":"2010","unstructured":"Dimick , C. 2010 . A guide to California\u2019s breaches: First year of state reporting requirement reveals common privacy violations . J. Amer. Health Inform. Manage. Assoc. 81 , 34 -- 36 . Dimick, C. 2010. A guide to California\u2019s breaches: First year of state reporting requirement reveals common privacy violations. J. Amer. Health Inform. Manage. Assoc. 81, 34--36.","journal-title":"J. Amer. Health Inform. Manage. Assoc."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14778\/2047485.2047486"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1136\/amiajnl-2012-001018"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/CBMS.2006.95"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the American Medical Informatics Association Annual Symposium.","author":"Gallagher R. J.","unstructured":"Gallagher , R. J. , Sengupta , S. , Hripcsak , G. , Barrows , R. C. , and Clayton , P. D . 1998. An audit server for monitoring usage of clinical information systems . In Proceedings of the American Medical Informatics Association Annual Symposium. Gallagher, R. J., Sengupta, S., Hripcsak, G., Barrows, R. C., and Clayton, P. D. 1998. An audit server for monitoring usage of clinical information systems. In Proceedings of the American Medical Informatics Association Annual Symposium."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1080\/1463923021000042715"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1097\/00126450-200018030-00009"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1089107.1089141"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.72"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2008.11.013"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.3414\/ME9103"},{"key":"e_1_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Jakkula V. R. Crandall A. S. and Cook D. J. 2008. Advanced Intelligent Environments. Chapter Enhancing anomaly detection using temporal pattern discovery 175--194 Spriger.  Jakkula V. R. Crandall A. S. and Cook D. J. 2008. Advanced Intelligent Environments . Chapter Enhancing anomaly detection using temporal pattern discovery 175--194 Spriger.","DOI":"10.1007\/978-0-387-76485-6_8"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2011.06.006"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the American Medical Informatics Association Annual Symposium. 723--731","author":"Kim J.","unstructured":"Kim , J. , Grillo , J. M. , Boxwala , A. A. , Jiang , X. , Mandelbaum , R. B. , Patel , B. A. , Mikels , D. , Vinterbo , S. A. , and Ohno-Machado , L . 2011. Anomaly and signature filtering improve classifier performance for detection of suspicious access to ehrs . In Proceedings of the American Medical Informatics Association Annual Symposium. 723--731 . Kim, J., Grillo, J. M., Boxwala, A. A., Jiang, X., Mandelbaum, R. B., Patel, B. A., Mikels, D., Vinterbo, S. A., and Ohno-Machado, L. 2011. Anomaly and signature filtering improve classifier performance for detection of suspicious access to ehrs. In Proceedings of the American Medical Informatics Association Annual Symposium. 723--731."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110363.2110399"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1136\/amiajnl-2012-000906"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/322510.322526"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2012.06.001"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10916-011-9776-0"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2012.19"},{"key":"e_1_2_1_41_1","first-page":"636","article-title":"If electronic medical records are so great, why aren\u2019t family physicians using them","volume":"51","author":"Loomis G. A.","year":"2002","unstructured":"Loomis , G. A. , Ries , J. S. , Saywell , R. M. , and Thakker , N. R. 2002 . If electronic medical records are so great, why aren\u2019t family physicians using them ? J. Family Practice 51 , 7, 636 -- 641 . Loomis, G. A., Ries, J. S., Saywell, R. M., and Thakker, N. R. 2002. If electronic medical records are so great, why aren\u2019t family physicians using them? J. Family Practice 51, 7, 636--641.","journal-title":"J. Family Practice"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijmedinf.2008.06.005"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2011.01.007"},{"key":"e_1_2_1_44_1","unstructured":"Manos D. September 12 2012. Four reasons for CIOs to celebrate stage 2 meaningful use. Gov. Health IT Mag.  Manos D. September 12 2012. Four reasons for CIOs to celebrate stage 2 meaningful use. Gov. Health IT Mag."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1998441.1998453"},{"key":"e_1_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Menon A. Jiang X. Kim J. Vaidya J. and Ohno-Machado L. 2013. Detecting inappropriate access to electronic health records using collaborative filtering. Mach. Learn. 1--1.  Menon A. Jiang X. Kim J. Vaidya J. and Ohno-Machado L. 2013. Detecting inappropriate access to electronic health records using collaborative filtering. Mach. Learn. 1--1.","DOI":"10.1007\/s10994-013-5376-1"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/TITB.2003.816562"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/383775.383777"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2008.03.014"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2004.11.009"},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the 4th International Conference on Formal Aspects in Security and Trust. 127--142","author":"Probst C. W.","unstructured":"Probst , C. W. , Hansen , R. R. , and Nielson , F . 2007. Where can an insider attack? In Proceedings of the 4th International Conference on Formal Aspects in Security and Trust. 127--142 . Probst, C. W., Hansen, R. R., and Nielson, F. 2007. Where can an insider attack? In Proceedings of the 4th International Conference on Formal Aspects in Security and Trust. 127--142."},{"key":"e_1_2_1_52_1","volume-title":"R: A Language and Environment for Statistical Computing","author":"Development Core Team","year":"2008","unstructured":"R Development Core Team . 2008 . R: A Language and Environment for Statistical Computing . R Foundation for Statistical Computing , Vienna, Austria . R Development Core Team. 2008. R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.8"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.312842"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.321.7270.1199"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)01009-X"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1386-5056(98)00168-3"},{"key":"e_1_2_1_59_1","doi-asserted-by":"crossref","unstructured":"Stolfo S. Bellovin S. Hershkop S. Keromytis A. Sinclair S. and Smith S. 2008. Insider Attack and Cyber Security: Beyond the Hacker. Springer New York NY.   Stolfo S. Bellovin S. Hershkop S. Keromytis A. Sinclair S. and Smith S. 2008. Insider Attack and Cyber Security: Beyond the Hacker . Springer New York NY.","DOI":"10.1007\/978-0-387-77322-3"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1150402.1150445"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/3468.935043"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/937527.937530"},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the American Medical Informatics Association Annual Symposium. 858--867","author":"Zhang W.","unstructured":"Zhang , W. , Gunter , C. A. , Liebovitz , D. , Tian , J. , and Malin , B . 2011. Role prediction using electronic medical record system audits . In Proceedings of the American Medical Informatics Association Annual Symposium. 858--867 . Zhang, W., Gunter, C. A., Liebovitz, D., Tian, J., and Malin, B. 2011. Role prediction using electronic medical record system audits. In Proceedings of the American Medical Informatics Association Annual Symposium. 858--867."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compmedimag.2004.09.009"}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2544102","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2544102","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:10:15Z","timestamp":1750234215000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2544102"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,12]]},"references-count":64,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,12]]}},"alternative-id":["10.1145\/2544102"],"URL":"https:\/\/doi.org\/10.1145\/2544102","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"value":"2158-656X","type":"print"},{"value":"2158-6578","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,12]]},"assertion":[{"value":"2012-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-12-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}