Healthcare facilities maintain massive databases containing a plethora of patient electronic medical records (EMR) and personal healthcare information (PHI). With a multitude of privileged information, the risk of inappropriate access is high. Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) require healthcare entities to do monthly audits on their authorized users to check for any abuse of access to PHI or EMR data. To assist enforcement of these requirements, “audit logs” are generated in healthcare facilities that identify and track authorized user activity, such as who viewed, edited, printed, etc., a patient's EMR or PHI and whether that was done with a valid reason and authorized access. An automated and intelligent system that identifies abnormal usage based on prior behavior pattern recognition greatly reduces the work of administrators, e.g., Privacy and Compliance officers, who manually go through these audit reports to identify improper access.
Several systems are directed to detect certain anomalies, or abnormal activities, in data streams. Rule-based detection methods are common, as are prior usage comparison, but both are mostly directed towards finding oddities in distributed computer networks.