Torulf Mollestad Ph.D, Chief Consultant at the Analytics department at Acando Norway
Revealing Unwarranted Access to Sensitive Data in Health Analytics
Revealing Unwarranted Access to Sensitive Data: A Scenario-based Approach In Norwegian organisations, hundreds of million lookups are made yearly. Much of this activity addresses sensitive data, the access to which is highly restricted and disallowed for any but those having a clear need for that information. For instance, in a hospital domain, a doctor has the need to access patient data that is needed and relevant to treatment, whereas a hospital secretary will at any point access information about a large number of patients. In both situations it may be reasonably defended that the employee has a genuine need to access data about the patient, albeit different types of data. However, if your neighbour works in your local hospital and it is revealed that this person knows details of your health information without apparent reason, there may be grounds to suspect that this information has been accessed in dishonest ways. How, then, may we reveal employees that access and read data that they have no reason to consult, and thereby abuse the trust given to them? In this presentation we present a method developed in cooperation with Oslo University Hospital. We analysed a large amount of lookup data and were able to prioritise them according to their likelihood of being illicit. The method has proven to be valid and has been chosen as a base for a planned solution of information security in Norwegian health organisations.
Torulf Mollestad, Ph.D is a Chief Consultant at the Analytics department at Acando Norway, He has worked with a number of different types of analytics problems within a range of industries, including financial, telco, petroleum/process as well as public services.