A semantic based methodology
to classify and protect sensitive
data in medical records
Flora Amato, Valentina Casola,
Antonino Mazzeo, Sara Romano
Dipartimento di Informatica e Sistemistica
Universita’ degli Studi di Napoli, Federico II
Naples, Italy
1
Rationale
•
•
•
•
Introduction to challenges in e-healt;
Motivation and Open challenges;
Proposal of access control policies;
Methodology to extract relevant
information to protect and apply the proper
security policy;
• A Case study;
• Conclusion and future works
2
The Electronic Health
• E-Health challenges:
– To provide value-added services to the healthcare actors
(patients, doctors, etc...);
– To enhance the efficiency and reducing the costs of
complex informative systems.
• E-Health term encloses many meanings; we are focused on
those aspects of telemedicine that involve not only
technological aspects but, also, procedural ones;
• In particular, we are assisting to a gradual adoption of
innovative IT solutions for e-health but, at the state, the major
open issue is the cohesistence of two different domains:
3
The cohesistence of old and new
systems from a security point of view…..
1) Modern eHealth systems are designed to
enforce fine-grain access control policies and
the medical records are a-priori well structured
to properly manage the different fields, but…..
2) eHealth is also applied in those contexts where
new information systems have not been
developed yet but “documental systems” are, in
some way, introduced. This means that today
documental systems give users the possibility
to access a digitalized version of a medical
record without having previously classified the
4
critical parts.
Unstructured Medical record data
and actors
Actors are not aware that structuring
data is important for data elaboration
and protection.
• Security Problem
• private data (critical part) can
be accessed by not authorized
actors.
•It is not possible to enforce a
fine-grained acess control on
digitalized unstructured
documents
• Solution
• extract relevant informaton
from the records,
• enforce access control policies
5
Motivation and our proposal
• The problem: “Documental systems” allow
access to medical record digitalized version
(unstructured data) without having previously
classified the critical parts.
• We propose a semantic-based method to locate
the resource being accessed and associate the
proper security rule to apply.
• The Access control models is still based on finegrain data classification.
6
Semantic method for resource
classification
• Knowledge extraction by means of several text analysis
methodologies.
1
STEPS
2
3
4
• Running example:
7
Step 1 - Text Preprocessing:
Tokenization and Normalization
• Goal:
– extraction of relevant units of lexical elements
• Text tokenization:
– segmentation of a sentence into minimal units of analysis (token).
-
disambiguation of punctuation marks, aiming at token separation;; separation of continuous strings (i.e. strings that are not
separated by blank spaces) to be considered as independent tokens: for example, in the Italian string “c’era” there are two
independent tokens (c’ + era).
This segmentation can be performed by means of special tools,
defined tokenizers, including glossaries with wellknown
expressions to be regarded as medical domain tokens and minigrammars containing heuristic rules regulating token combinations.
• Text normalization:
– variations of the same lexical expression should be reported in a
unique way:
• (i) words that assume different meaning if are written in small or capital letter
• (ii) acronyms and abbreviations (“USA” or “U.S.A.”)
8
Step 2 - Morpho-syntactic analysis:
POS tagging and Lemmatization
• Goal:
– extraction of word categories.
• Part-of-speech (POS)
tagging:
– assignment of a grammatical
category (noun, verb, etc.) to
each lexical unit.
– word-category disambiguation:
the vocabulary of the
documents of interest is
compared with an external
lexical resource
• Key-Word In Context (KWIC)
Analysis.
• Lemmatization:
– Reducing the inflected forms to
the respective lemma
9
Step 3 - Relevant Terms
Recognition
• Goal:
– identification of terms useful to characterize the
sections of interest.
• TF-IDF (Term Frequency - Inverse Document
Frequency): relevant lexical items are frequent
and concentrated on few documents.
Wt,d = ft,d * log(N/Dt)
•
•
term frequency (tf ), corresponds to the number of times a given term
occurs in the resource;
inverse document frequency (idf), concerning the term distribution within
all the sections of the medical records: it relies on the principle that term
importance is inversely proportional to the number of documents from the
corpus where the given term occurs.
10
Step 4 - Identification of Concepts
of Interest
• Goal:
– Clusterize relevant terms
in synset (semantically
equivalent terms) in order
to associate the semantic
concept
11
Security Policies
• At the end of the semantic analysis process, a
medical record can be seen as composed by
several sections (resources) that can be
properly protected;
• A Security policy is set of rules structured as
ACL:
sj ; ai; rk
where:
– sj  S = s1 … sm the set of actors;
– ai  A = a1 … ah the set of actions;
– rk  R = r1 … rh the set of resources;
12
Medical Record Policy (Use Case)
actions
resources
actors
13
Action-actors identification
Giving the policy and given a resource
r*  R, it is easy to locate the set of all
allowed rules:
Lr* = sj, ai, r* r*R, ai  A*A, sj  S*S
14
System behavior: an example
15
Conclusions and Future works
• We have proposed a semantic approach for document
parts (resource) classification from a security point of
view;
• It is useful to associate a set of security rules on the
resources;
• It is a promising method that can strongly help in facing
security issues that arise once data are made available
for new potential applications.
• Future works:
– To prove the methodology in other e-government
fields,
– To implement a system to on-line extract/classify and
enforce fine-grained policies with acceptable
16
performances.