Technical Reports

Document Type


Publication Date



Health care informatics is growing at an incredible pace. Originally health care organizations, like all other industries, used pen and paper to track medical information. Ten years ago the more mature health care organizations had simply practice management applications. Today these organizations have full blown electronic health records systems. Tomorrow these organizations will be sharing information across the globe.

Physicians (and the sponsoring organizations) are obligated to protect this data. Health care has followed the trend of many other industries in implementing technologies and processes to address certain risks. Encryption is enabled to ensure confidentiality. Business continuity techniques are applied to ensure system availability. However there is no ‘best practice’ solution that can be applied to the problem of detecting inappropriate activity. How can a hospital tell when Nurse Smith is ‘snooping’ in medical records? How can a radiologist tell when a lab technician is feeding information to a law firm?

This paper will describe the efforts to design, build, and run a system that will detect atypical behavior in a health care application and see if that behavior is indicative of inappropriate activity. The first section will discuss the impetus for such a system. The second section will describe the design and implementation of this system. The third section will document a series of experiments showing the accuracy of such a system in detecting inappropriate activity.