{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T15:33:10Z","timestamp":1781105590124,"version":"3.54.1"},"reference-count":53,"publisher":"IGI Global Scientific Publishing","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,7]]},"abstract":"<jats:p>This article describes how the information about an individual's personal health is among ones most sensitive and important intangible belongings. When health information is misused, serious non-revertible damage can be caused, e.g. through making intimidating details public or leaking it to employers, insurances etc. Therefore, health information needs to be treated with the highest degree of confidentiality. In practice it proves difficult to achieve this goal. In a hospital setting medical staff across departments often needs to access patient data without directly obvious reasons, which makes it difficult to distinguish legitimate from illegitimate access. This article provides a mechanism to classify transactions at a large university medical center into plausible and questionable data access using a real-life data set of more than 60,000 transactions. The classification mechanism works with minimal data requirements and unsupervised data sets. The results were evaluated through manual cross-checks internally and by a group of external experts. Consequently, the hospital's data protection officer is now able to focus on analyzing questionable transactions instead of checking random samples.<\/jats:p>","DOI":"10.4018\/ijisp.2018070106","type":"journal-article","created":{"date-parts":[[2018,6,15]],"date-time":"2018-06-15T14:54:03Z","timestamp":1529074443000},"page":"100-122","source":"Crossref","is-referenced-by-count":8,"title":["Misuse of \u2018Break-the-Glass' Policies in Hospitals"],"prefix":"10.4018","volume":"12","author":[{"given":"Benjamin","family":"Stark","sequence":"first","affiliation":[{"name":"Neu-Ulm University of Applied Sciences, Neu-Ulm, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Heiko","family":"Gewald","sequence":"additional","affiliation":[{"name":"Neu-Ulm University of Applied Sciences, Neu-Ulm, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Heinrich","family":"Lautenbacher","sequence":"additional","affiliation":[{"name":"University Hospital T\u00fcbingen, T\u00fcbingen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ulrich","family":"Haase","sequence":"additional","affiliation":[{"name":"Klinikum Stuttgart, Stuttgart, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Siegmar","family":"Ruff","sequence":"additional","affiliation":[{"name":"DSM DatenSchutzManagement Schurer GmbH, T\u00fcbingen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"IJISP.2018070106-0","doi-asserted-by":"crossref","unstructured":"Adriansyah, A., Van Dongen, B. F., & Zannone, N. (2013). Controlling break-the-glass through alignment. Paper presented at theInternational Conference on Social Computing.","DOI":"10.1109\/SocialCom.2013.91"},{"key":"IJISP.2018070106-1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39736-3_17"},{"key":"IJISP.2018070106-2","doi-asserted-by":"publisher","DOI":"10.4018\/ijisp.2013100103"},{"key":"IJISP.2018070106-3","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2010100103"},{"key":"IJISP.2018070106-4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2010.07.001"},{"key":"IJISP.2018070106-5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70567-3_20"},{"key":"IJISP.2018070106-6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43936-4"},{"key":"IJISP.2018070106-7","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542239"},{"key":"IJISP.2018070106-8","doi-asserted-by":"publisher","DOI":"10.1080\/08839510801972801"},{"key":"IJISP.2018070106-9","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"IJISP.2018070106-10","doi-asserted-by":"publisher","DOI":"10.1145\/1269880.1269886"},{"issue":"1","key":"IJISP.2018070106-11","first-page":"30","article-title":"Detecting Credit Card Fraud by Using Support Vector Machines and Neural Networks.","volume":"1","author":"R.-C.Chen","year":"2006","journal-title":"International Journal of Soft Computing"},{"key":"IJISP.2018070106-12","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943524"},{"issue":"5","key":"IJISP.2018070106-13","article-title":"Specializing network analysis to detect anomalous insider actions.","volume":"1","author":"Y.Chen","year":"2012","journal-title":"Security Informatics"},{"key":"IJISP.2018070106-14","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222290305"},{"key":"IJISP.2018070106-15","doi-asserted-by":"publisher","DOI":"10.1038\/nrc2294"},{"key":"IJISP.2018070106-16","unstructured":"Eargle, D., Vance, A. O., Allen, G., Barrick, D., Bearnson, T., & Tialin, T. (2012). Justifying Breaking the Glass: How Accountability Can Deter Unauthorized Access."},{"key":"IJISP.2018070106-17","doi-asserted-by":"publisher","DOI":"10.4156\/jcit.vol5.issue1.11"},{"key":"IJISP.2018070106-18","unstructured":"Gorman, A., & Sewell, A. (2013). Six people fired from Cedars-Sinai over patient privacy breaches. LA Times. Retrieved from http:\/\/articles.latimes.com\/2013\/jul\/12\/local\/la-me-hospital-security-breach-20130713"},{"key":"IJISP.2018070106-19","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2013\/37.2.01"},{"key":"IJISP.2018070106-20","author":"S.Gupta","year":"2013","journal-title":"Modeling and detecting anomalous topic access in EMR audit logs. (Master-Thesis)"},{"key":"IJISP.2018070106-21","doi-asserted-by":"publisher","DOI":"10.2307\/25148625"},{"key":"IJISP.2018070106-22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13818-8_34"},{"key":"IJISP.2018070106-23","unstructured":"Kabbani, B., Laborde, R., Barr\u00e8re, F., & Benzekri, A. (2014). Managing Break-The-Glass using Situation-oriented authorizations. Paper presented at the9\u00e8me Conf\u00e9rence sur la S\u00e9curit\u00e9 des Architectures R\u00e9seaux et Syst\u00e8mes d\u2019Information."},{"key":"IJISP.2018070106-24","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-007-0051-4"},{"key":"IJISP.2018070106-25","unstructured":"Leimeister, J. M., Klapdor, S., & H\u00f6rmann, C. (2008). IT-Management in deutschen Krankenh\u00e4usern: eine empirische Studie unter IT-Entscheidungstr\u00e4gern. Norderstedt: BoD\u2013Books on Demand."},{"key":"IJISP.2018070106-26","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2008070104"},{"key":"IJISP.2018070106-27","first-page":"261","article-title":"Credit Card fraud detection using Bayesian and Neural Networks.","author":"S.Maes","year":"1993","journal-title":"Proceedings of the 1st International NAISO Congress on Neuro Fuzzy Technologies"},{"key":"IJISP.2018070106-28","doi-asserted-by":"publisher","DOI":"10.1007\/s00350-004-1137-2"},{"key":"IJISP.2018070106-29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85893-5_9"},{"key":"IJISP.2018070106-30","doi-asserted-by":"crossref","first-page":"946","DOI":"10.1145\/2506583.2512368","article-title":"Enforcing Minimum Necessary access in Healthcare through integrated Audit and Access Control.","author":"P.Martin","year":"2013","journal-title":"Proceedings of the International Conference on Bioinformatics, Computational Biology and Biomedical Informatics"},{"key":"IJISP.2018070106-31","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2008070106"},{"key":"IJISP.2018070106-32","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-013-5376-1"},{"issue":"2","key":"IJISP.2018070106-33","first-page":"62","article-title":"Performance Evaluation of Density-Based Outlier Detection on High Dimensional Data.","volume":"5","author":"P.Murugavel","year":"2013","journal-title":"International Journal on Computer Science and Engineering"},{"key":"IJISP.2018070106-34","unstructured":"Ornstein, C. (2008). Fawcett\u2019s cancer file breached. LA Times. Retrieved from http:\/\/articles.latimes.com\/2008\/apr\/03\/local\/me-farrah3"},{"key":"IJISP.2018070106-35","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2008.04.001"},{"key":"IJISP.2018070106-36","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2003.1260802"},{"key":"IJISP.2018070106-37","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222240302"},{"key":"IJISP.2018070106-38","doi-asserted-by":"publisher","DOI":"10.1016\/j.sigpro.2013.12.026"},{"key":"IJISP.2018070106-39","unstructured":"Ponemon Institute. (2015). Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data."},{"key":"IJISP.2018070106-40","unstructured":"Porter, H. (2010). Opting out of nhs spine. The Guardian. Retrieved from http:\/\/www.theguardian.com\/commentisfree\/henryporter\/2010\/mar\/02\/nhs-spine-database-opting-out"},{"key":"IJISP.2018070106-41","author":"D.Powers","year":"2007","journal-title":"Evaluation: From Precision"},{"key":"IJISP.2018070106-42","unstructured":"Rao, K. H., Srinivas, G., Damodhar, A., & Krishna, M. V. (2011). Implementation of Anomaly Detection Using Machine Learning Algorithms.International Journal of Computer Science and Telecommunications, 2(3), 25\u201331."},{"key":"IJISP.2018070106-43","doi-asserted-by":"crossref","unstructured":"Renu, & Suman, A. (2014). Analysis on credit card fraud detection methods. International Journal of Computer Trends and Technology(UCTT), 8(1), 45\u201351.","DOI":"10.14445\/22312803\/IJCTT-V8P109"},{"issue":"3","key":"IJISP.2018070106-44","first-page":"307","article-title":"Outlier Detection Applications and techniques.","volume":"9","author":"K.Singh","year":"2012","journal-title":"IJCSI International Journal of Computer Science Issues"},{"key":"IJISP.2018070106-45","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2007.1009"},{"key":"IJISP.2018070106-46","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30507-8_13"},{"key":"IJISP.2018070106-47","unstructured":"Tan, P.-N., Steinbach, M., & Kumar, V. (2005). Introduction to Data Mining - Instructor Solution Manual (1st ed.). Addison-Wesley."},{"key":"IJISP.2018070106-48","doi-asserted-by":"publisher","DOI":"10.1201\/1086\/43317.10.4.20010901\/31772.4"},{"key":"IJISP.2018070106-49","doi-asserted-by":"publisher","DOI":"10.1145\/2544102"},{"key":"IJISP.2018070106-50","first-page":"858","article-title":"Role Prediction using Electronic Medical Record System Audits. In","author":"W.Zhang","year":"2011","journal-title":"Proceedings of the 2nd USENIX conference on Health security and privacy"},{"key":"IJISP.2018070106-51","author":"Y.Zhang","year":"2007","journal-title":"A Taxonomy Framework for Unsupervised Outlier Detection Techniques for Multi-Type Data Sets"},{"key":"IJISP.2018070106-52","doi-asserted-by":"publisher","DOI":"10.2753\/JEC1086-4415150104"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=208128","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T01:57:11Z","timestamp":1651802231000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJISP.2018070106"}},"subtitle":["Detecting Unauthorized Access to Sensitive Patient Health Data"],"short-title":[],"issued":{"date-parts":[[2018,7]]},"references-count":53,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijisp.2018070106","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7]]}}}