Augmenting accountability, security and fraud detection in health data sharing systems

Abstract

The U.S. government has introduced federal incentive programs to accelerate the adoption of meaningful use of electronic health records. These electronic records are expected to improve healthcare quality, reduce costs, and facilitate their sharing across different healthcare enterprises. However, electronic health data has already been subjected to various threats. The Washington Post declared 2015 as the year of the health-care hack where we saw major breaches at healthcare institutions that affected the identities of over 111 million individuals. These identities are then used to defraud health insurance programs by submitting fraudulent claims for reimbursement which are difficult to identify due to the large volume of claims received by them. Healthcare fraud already costs the country about $272 billion and this will increase in magnitude if we do not actively secure the health information sharing infrastructure. We augment the existing auditing systems within the health information sharing architecture and introduce the concept of sharing provenance which helps us identify the medical practitioner or healthcare organization that may be a source of a leak of information or the unauthorized node that fraudulently releases or acquires a particular patient's data. We develop a fraud, waste and abuse detection system that helps accurately detect suspicious medical insurance claims and provides them a rank and risk score to prioritize their investigation and maximize savings. We also secure end devices that access healthcare data to prevent unauthorized breaches of sensitive information.