|
1
|
Li J, Zhang R, Liu J. ConLBS: An Attack Investigation Approach Using Contrastive Learning with Behavior Sequence. Sensors (Basel) 2023; 23:9881. [PMID: 38139727 PMCID: PMC10747446 DOI: 10.3390/s23249881] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Received: 10/30/2023] [Revised: 12/04/2023] [Accepted: 12/15/2023] [Indexed: 12/24/2023]
Abstract
Attack investigation is an important research field in forensics analysis. Many existing supervised attack investigation methods rely on well-labeled data for effective training. While the unsupervised approach based on BERT can mitigate the issues, the high degree of similarity between certain real-world attacks and normal behaviors makes it challenging to accurately identify disguised attacks. This paper proposes ConLBS, an attack investigation approach that combines the contrastive learning framework and multi-layer transformer network to realize the classification of behavior sequences. Specifically, ConLBS constructs behavior sequences describing behavior patterns from audit logs, and a novel lemmatization strategy is proposed to map the semantics to the attack pattern layer. Four different augmentation strategies are explored to enhance the differentiation between attack and normal behavior sequences. Moreover, ConLBS can perform unsupervised representation learning on unlabeled sequences, and can be trained either supervised or unsupervised depending on the availability of labeled data. The performance of ConLBS is evaluated in two public datasets. The results show that ConLBS can effectively identify attack behavior sequences in the cases of unlabeled data or less labeled data to realize attack investigation, and can achieve superior effectiveness compared to existing methods and models.
Collapse
Affiliation(s)
| | - Ru Zhang
- School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China; (J.L.); (J.L.)
| | | |
Collapse
|
|
2
|
Kannampallil T, Adler-Milstein J. Using electronic health record audit log data for research: insights from early efforts. J Am Med Inform Assoc 2022; 30:167-171. [PMID: 36173351 PMCID: PMC9748594 DOI: 10.1093/jamia/ocac173] [Citation(s) in RCA: 6] [Impact Index Per Article: 3.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/23/2022] [Revised: 09/12/2022] [Accepted: 09/16/2022] [Indexed: 12/15/2022] Open
Abstract
Electronic health record audit logs capture a time-sequenced record of clinician activities while using the system. Audit log data therefore facilitate unobtrusive measurement at scale of clinical work activities and workflow as well as derivative, behavioral proxies (eg, teamwork). Given its considerable research potential, studies leveraging these data have burgeoned. As the field has matured, the challenges of using the data to answer significant research questions have come into focus. In this Perspective, we draw on our research experiences and insights from the broader audit log literature to advance audit log research. Specifically, we make 2 complementary recommendations that would facilitate substantial progress toward audit log-based measures that are: (1) transparent and validated, (2) standardized to allow for multisite studies, (3) sensitive to meaningful variability, (4) broader in scope to capture key aspects of clinical work including teamwork and coordination, and (5) linked to patient and clinical outcomes.
Collapse
Affiliation(s)
- Thomas Kannampallil
- Department of Anesthesiology, Washington University School of Medicine, St Louis, Missouri, USA
- Institute for Informatics, Washington University School of Medicine, St Louis, Missouri, USA
| | - Julia Adler-Milstein
- Department of Medicine, Center for Clinical Informatics and Improvement Research, University of California, San Francisco, California, USA
| |
Collapse
|
|
3
|
Li P, Chen B, Rhodes E, Slagle J, Alrifai MW, France D, Chen Y. Measuring Collaboration Through Concurrent Electronic Health Record Usage: Network Analysis Study. JMIR Med Inform 2021; 9:e28998. [PMID: 34477566 PMCID: PMC8449299 DOI: 10.2196/28998] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 03/21/2021] [Revised: 05/23/2021] [Accepted: 08/02/2021] [Indexed: 01/30/2023] Open
Abstract
BACKGROUND Collaboration is vital within health care institutions, and it allows for the effective use of collective health care worker (HCW) expertise. Human-computer interactions involving electronic health records (EHRs) have become pervasive and act as an avenue for quantifying these collaborations using statistical and network analysis methods. OBJECTIVE We aimed to measure HCW collaboration and its characteristics by analyzing concurrent EHR usage. METHODS By extracting concurrent EHR usage events from audit log data, we defined concurrent sessions. For each HCW, we established a metric called concurrent intensity, which was the proportion of EHR activities in concurrent sessions over all EHR activities. Statistical models were used to test the differences in the concurrent intensity between HCWs. For each patient visit, starting from admission to discharge, we measured concurrent EHR usage across all HCWs, which we called temporal patterns. Again, we applied statistical models to test the differences in temporal patterns of the admission, discharge, and intermediate days of hospital stay between weekdays and weekends. Network analysis was leveraged to measure collaborative relationships among HCWs. We surveyed experts to determine if they could distinguish collaborative relationships between high and low likelihood categories derived from concurrent EHR usage. Clustering was used to aggregate concurrent activities to describe concurrent sessions. We gathered 4 months of EHR audit log data from a large academic medical center's neonatal intensive care unit (NICU) to validate the effectiveness of our framework. RESULTS There was a significant difference (P<.001) in the concurrent intensity (proportion of concurrent activities: ranging from mean 0.07, 95% CI 0.06-0.08, to mean 0.36, 95% CI 0.18-0.54; proportion of time spent on concurrent activities: ranging from mean 0.32, 95% CI 0.20-0.44, to mean 0.76, 95% CI 0.51-1.00) between the top 13 HCW specialties who had the largest amount of time spent in EHRs. Temporal patterns between weekday and weekend periods were significantly different on admission (number of concurrent intervals per hour: 11.60 vs 0.54; P<.001) and discharge days (4.72 vs 1.54; P<.001), but not during intermediate days of hospital stay. Neonatal nurses, fellows, frontline providers, neonatologists, consultants, respiratory therapists, and ancillary and support staff had collaborative relationships. NICU professionals could distinguish high likelihood collaborative relationships from low ones at significant rates (3.54, 95% CI 3.31-4.37 vs 2.64, 95% CI 2.46-3.29; P<.001). We identified 50 clusters of concurrent activities. Over 87% of concurrent sessions could be described by a single cluster, with the remaining 13% of sessions comprising multiple clusters. CONCLUSIONS Leveraging concurrent EHR usage workflow through audit logs to analyze HCW collaboration may improve our understanding of collaborative patient care. HCW collaboration using EHRs could potentially influence the quality of patient care, discharge timeliness, and clinician workload, stress, or burnout.
Collapse
Affiliation(s)
- Patrick Li
- Department of Computer and Information Science, University of Pennsylvania, Philadelphia, PA, United States
| | - Bob Chen
- Epithelial Biology Center, Vanderbilt University Medical Center, Nashville, TN, United States
| | - Evan Rhodes
- Department of Anesthesiology, Vanderbilt University Medical Center, Nashville, TN, United States
| | - Jason Slagle
- Department of Anesthesiology, Vanderbilt University Medical Center, Nashville, TN, United States
| | - Mhd Wael Alrifai
- Department of Pediatric, Vanderbilt University Medical Center, Nashville, TN, United States.,Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, TN, United States
| | - Daniel France
- Department of Anesthesiology, Vanderbilt University Medical Center, Nashville, TN, United States
| | - You Chen
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, TN, United States.,Department of Computer Science, Vanderbilt University, Nashville, TN, United States
| |
Collapse
|
|
4
|
Mohler SA, Mears SC, Kathiresan AR, Barnes CL, Stambough JB. Electronic Medical Record Audit Time Logs as a Measure of Preoperative Work Before Total Joint Arthroplasty. J Arthroplasty 2021; 36:2250-2253. [PMID: 33618957 PMCID: PMC9454105 DOI: 10.1016/j.arth.2021.01.050] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Journal Information] [Submit a Manuscript] [Subscribe] [Scholar Register] [Received: 11/06/2020] [Revised: 12/28/2020] [Accepted: 01/19/2021] [Indexed: 02/02/2023] Open
Abstract
BACKGROUND In order to achieve rapid recovery total joint arthroplasty, surgeons and their teams are spending more time in the weeks before surgery to prepare patients. This study aims to quantify total knee and hip prearthroplasty work using retrospective electronic medical record (EMR) activity audit log analysis. METHODS EMR activity in 100 elective knee and 100 elective hip arthroplasty cases was performed using audit logs. Each mouse click and action in the EMR was recorded. The time between mouse clicks was calculated and summed for each member of the clinical team. Descriptive statistics and independent samples t-tests were conducted to quantify and compare total preoperative work (POW) between groups defined by gender, procedure, age, insurance type, or health literacy (P < .05). RESULTS The mean number of days defined in the prearthroplasty time period was 69.1 days (standard deviation [SD] 42.8; range 8-191). The mean time spent in each patient's chart in the prearthroplasty period was 76.8 (SD 47.8) minutes. Surgeon's work in the medical record accounted for 7.9 (SD 7.9) minutes, registered nurses 46.7 minutes (SD 39.1), physician extenders 10.8 minutes (SD 16.9), and licensed practical nurses and patient care technicians 9.8 minutes (SD 13.0). A significant difference was observed when groups were dichotomized based on age <65 and insurance provider type. CONCLUSION A considerable amount of POW is required to prepare patients for surgery from the clinic date one decides to pursue total joint arthroplasty and the day prior to surgery. Retrospective electronic time stamps from the EMR should represent the minimum time required for surgical preparation.
Collapse
Affiliation(s)
- Samantha A Mohler
- Department of Orthopaedic Surgery, University of Arkansas for Medical Sciences, Little Rock, AR
| | - Simon C Mears
- Department of Orthopaedic Surgery, University of Arkansas for Medical Sciences, Little Rock, AR
| | - Ashleigh R Kathiresan
- Division of Clinical Informatics, University of Arkansas for Medical Sciences, Little Rock, AR
| | - C Lowry Barnes
- Department of Orthopaedic Surgery, University of Arkansas for Medical Sciences, Little Rock, AR
| | - Jeffrey B Stambough
- Department of Orthopaedic Surgery, University of Arkansas for Medical Sciences, Little Rock, AR
| |
Collapse
|
|
5
|
Chen B, Alrifai W, Gao C, Jones B, Novak L, Lorenzi N, France D, Malin B, Chen Y. Mining tasks and task characteristics from electronic health record audit logs with unsupervised machine learning. J Am Med Inform Assoc 2021; 28:1168-1177. [PMID: 33576432 DOI: 10.1093/jamia/ocaa338] [Citation(s) in RCA: 13] [Impact Index Per Article: 4.3] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/26/2020] [Accepted: 12/17/2020] [Indexed: 11/12/2022] Open
Abstract
OBJECTIVE The characteristics of clinician activities while interacting with electronic health record (EHR) systems can influence the time spent in EHRs and workload. This study aims to characterize EHR activities as tasks and define novel, data-driven metrics. MATERIALS AND METHODS We leveraged unsupervised learning approaches to learn tasks from sequences of events in EHR audit logs. We developed metrics characterizing the prevalence of unique events and event repetition and applied them to categorize tasks into 4 complexity profiles. Between these profiles, Mann-Whitney U tests were applied to measure the differences in performance time, event type, and clinician prevalence, or the number of unique clinicians who were observed performing these tasks. In addition, we apply process mining frameworks paired with clinical annotations to support the validity of a sample of our identified tasks. We apply our approaches to learn tasks performed by nurses in the Vanderbilt University Medical Center neonatal intensive care unit. RESULTS We examined EHR audit logs generated by 33 neonatal intensive care unit nurses resulting in 57 234 sessions and 81 tasks. Our results indicated significant differences in performance time for each observed task complexity profile. There were no significant differences in clinician prevalence or in the frequency of viewing and modifying event types between tasks of different complexities. We presented a sample of expert-reviewed, annotated task workflows supporting the interpretation of their clinical meaningfulness. CONCLUSIONS The use of the audit log provides an opportunity to assist hospitals in further investigating clinician activities to optimize EHR workflows.
Collapse
Affiliation(s)
- Bob Chen
- Epithelial Biology Center, Vanderbilt University Medical Center, Nashville, Tennessee, USA.,Program in Chemical and Physical Biology, Vanderbilt University, Nashville, Tennessee, USA
| | - Wael Alrifai
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA.,Department of Pediatrics, Vanderbilt University Medical Center, Nashville, Tennessee, USA
| | - Cheng Gao
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA
| | - Barrett Jones
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA
| | - Laurie Novak
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA
| | - Nancy Lorenzi
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA
| | - Daniel France
- Department of Anesthesiology, Center for Research and Innovation in Systems Safety, Vanderbilt University Medical Center, Nashville, Tennessee, USA
| | - Bradley Malin
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA.,Department of Biostatistics, School of Medicine, Vanderbilt University Medical Center, Nashville, Tennessee, USA.,Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, Tennessee, USA
| | - You Chen
- Department of Biomedical Informatics, Vanderbilt University Medical Center, Nashville, Tennessee, USA.,Department of Electrical Engineering and Computer Science, School of Engineering, Vanderbilt University, Nashville, Tennessee, USA
| |
Collapse
|
|
6
|
Rule A, Chiang MF, Hribar MR. Using electronic health record audit logs to study clinical activity: a systematic review of aims, measures, and methods. J Am Med Inform Assoc 2021; 27:480-490. [PMID: 31750912 DOI: 10.1093/jamia/ocz196] [Citation(s) in RCA: 56] [Impact Index Per Article: 18.7] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/02/2019] [Revised: 10/07/2019] [Accepted: 10/18/2019] [Indexed: 01/13/2023] Open
Abstract
OBJECTIVE To systematically review published literature and identify consistency and variation in the aims, measures, and methods of studies using electronic health record (EHR) audit logs to observe clinical activities. MATERIALS AND METHODS In July 2019, we searched PubMed for articles using EHR audit logs to study clinical activities. We coded and clustered the aims, measures, and methods of each article into recurring categories. We likewise extracted and summarized the methods used to validate measures derived from audit logs and limitations discussed of using audit logs for research. RESULTS Eighty-five articles met inclusion criteria. Study aims included examining EHR use, care team dynamics, and clinical workflows. Studies employed 6 key audit log measures: counts of actions captured by audit logs (eg, problem list viewed), counts of higher-level activities imputed by researchers (eg, chart review), activity durations, activity sequences, activity clusters, and EHR user networks. Methods used to preprocess audit logs varied, including how authors filtered extraneous actions, mapped actions to higher-level activities, and interpreted repeated actions or gaps in activity. Nineteen studies validated results (22%), but only 9 (11%) through direct observation, demonstrating varying levels of measure accuracy. DISCUSSION While originally designed to aid access control, EHR audit logs have been used to observe diverse clinical activities. However, most studies lack sufficient discussion of measure definition, calculation, and validation to support replication, comparison, and cross-study synthesis. CONCLUSION EHR audit logs have potential to scale observational research but the complexity of audit log measures necessitates greater methodological transparency and validated standards.
Collapse
Affiliation(s)
- Adam Rule
- Department of Medical Informatics and Clinical Epidemiology, Oregon Health & Science University, Portland, Oregon, USA
| | - Michael F Chiang
- Department of Medical Informatics and Clinical Epidemiology, Oregon Health & Science University, Portland, Oregon, USA.,Department of Ophthalmology, Casey Eye Institute, Oregon Health & Science University, Portland, Oregon, USA
| | - Michelle R Hribar
- Department of Medical Informatics and Clinical Epidemiology, Oregon Health & Science University, Portland, Oregon, USA.,Department of Ophthalmology, Casey Eye Institute, Oregon Health & Science University, Portland, Oregon, USA
| |
Collapse
|
|
7
|
Long CP, Tai-Seale M, El-Kareh R, Lee JE, Baxter SL. Electronic Health Record Use among Ophthalmology Residents while on Call. J Acad Ophthalmol (2017) 2020; 12:e143-e150. [PMID: 33274310 PMCID: PMC7710324 DOI: 10.1055/s-0040-1716411] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 06/12/2023]
Abstract
BACKGROUND As electronic health record (EHR) use becomes more widespread, detailed records of how users interact with the EHR, known as EHR audit logs, are being used to characterize the clinical workflows of physicians including residents. After-hours EHR use is of particular interest given its known association with physician burnout. Several studies have analyzed EHR audit logs for residents in other fields, such as internal medicine, but none thus far in ophthalmology. Here, we focused specifically on EHR use during on-call shifts outside of normal clinic hours. METHODS In this retrospective study, we analyzed raw EHR audit log data from on-call shifts for 12 ophthalmology residents at a single institution over the course of a calendar year. Data were analyzed to characterize total time spent using the EHR, clinical volume, diagnoses of patients seen on call, and EHR tasks. RESULTS Across all call shifts, the median and interquartile range (IQR) of the time spent logged into the EHR per shift were 88 and 131 minutes, respectively. The median (IQR) unique patient charts accessed per shift was 7 (9) patients. When standardized to per-hour measures, weekday evening shifts were the busiest call shifts with regard to both EHR use time and clinical volume. Total EHR use time and clinical volume were greatest in the summer months (July to September). Chart review comprised a majority (63.4%) of ophthalmology residents' on-call EHR activities. CONCLUSION In summary, EHR audit logs demonstrate substantial call burden for ophthalmology residents outside of regular clinic hours. These data and future studies can be used to further characterize the clinical exposure and call burden of ophthalmology residents and could potentially have broader implications in the fields of physician burnout and education policy.
Collapse
Affiliation(s)
- Christopher P. Long
- Viterbi Family Department of Ophthalmology, Shiley Eye Institute, University of California San Diego, La Jolla, California
| | - Ming Tai-Seale
- Department of Family Medicine and Public Health, University of California San Diego, La Jolla, California
| | - Robert El-Kareh
- Health Department of Biomedical Informatics, University of California San Diego, La Jolla, California
| | - Jeffrey E. Lee
- Viterbi Family Department of Ophthalmology, Shiley Eye Institute, University of California San Diego, La Jolla, California
| | - Sally L. Baxter
- Viterbi Family Department of Ophthalmology, Shiley Eye Institute, University of California San Diego, La Jolla, California
- Health Department of Biomedical Informatics, University of California San Diego, La Jolla, California
| |
Collapse
|