EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Misuse of ‘Break-the-Glass' Policies in Hospitals: Detecting Unauthorized Access to Sensitive Patient Health Data

Benjamin Stark, Heiko Gewald, Heinrich Lautenbacher, Ulrich Haase and Siegmar Ruff
Additional contact information
Benjamin Stark: Neu-Ulm University of Applied Sciences, Neu-Ulm, Germany
Heiko Gewald: Neu-Ulm University of Applied Sciences, Neu-Ulm, Germany
Heinrich Lautenbacher: University Hospital Tübingen, Tübingen, Germany
Ulrich Haase: Klinikum Stuttgart, Stuttgart, Germany
Siegmar Ruff: DSM DatenSchutzManagement Schurer GmbH, Tübingen, Germany

International Journal of Information Security and Privacy (IJISP), 2018, vol. 12, issue 3, 100-122

Abstract: This article describes how the information about an individual's personal health is among ones most sensitive and important intangible belongings. When health information is misused, serious non-revertible damage can be caused, e.g. through making intimidating details public or leaking it to employers, insurances etc. Therefore, health information needs to be treated with the highest degree of confidentiality. In practice it proves difficult to achieve this goal. In a hospital setting medical staff across departments often needs to access patient data without directly obvious reasons, which makes it difficult to distinguish legitimate from illegitimate access. This article provides a mechanism to classify transactions at a large university medical center into plausible and questionable data access using a real-life data set of more than 60,000 transactions. The classification mechanism works with minimal data requirements and unsupervised data sets. The results were evaluated through manual cross-checks internally and by a group of external experts. Consequently, the hospital's data protection officer is now able to focus on analyzing questionable transactions instead of checking random samples.

Date: 2018
References: Add references at CitEc
Citations:

Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 018/IJISP.2018070106 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:igg:jisp00:v:12:y:2018:i:3:p:100-122

Access Statistics for this article

International Journal of Information Security and Privacy (IJISP) is currently edited by Yassine Maleh

More articles in International Journal of Information Security and Privacy (IJISP) from IGI Global
Bibliographic data for series maintained by Journal Editor ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:igg:jisp00:v:12:y:2018:i:3:p:100-122