Simulation Details
The simulation generates synthetic interrelated FHIR R5 resources, including:
- Practitioners
- Patients
- Appointments (scheduled, cancelled, no-shows)
- Encounters (actual face-to-face visits between a patient and practitioner)
- Observations (made by practitioners)
- AuditEvents, particularly Break The Glass (BTG) emergency access events
Implementation Details
The discrete-event simulation is implemented in SimPy. An SQLite database is used to log events and manage practitioner and patient data. The data export script (data_export.py), located in the code repository, allows exporting the data saved in the SQLite database as serialized FHIR resources (JSON) or in a custom simplified format (JSON).
Simulation Objective
The implemented discrete-event simulation aims to produce (as good as possible) realistic event sequences that can be classified as either normal or anomalous patterns of healthcare system usage. It aligns with the confidentiality scenario described by McGlade and Scott-Hayward (2019)1, where various event sequences are generated to mimic normal and anomalous usage patterns.
In this context, 'access' events by clinician users against patients can be defined, within a 24-hour period, as anomalous when a user accesses a patient record without a legitimate relationship to the patient and without a 'break-glass' event. A relationship is defined by the presence or absence of appointments, observations, or encounters linking the patient and the clinician user. A 'break-glass' event is when a clinician legitimately accesses a patient record in an emergency situation.
Classification Table
When event sequences are aggregated on a 24-hour basis, they can be classified according to the following classification table, as specified by McGlade and Scott-Hayward (2019)1:
| ID | Appointments | Observations | Encounters | Break-Glass | Class | Description |
|---|---|---|---|---|---|---|
| 1 | ❌ | ❌ | ❌ | ❌ | Anomaly | No relationship between clinician and patient, no emergency access. |
| 2 | ❌ | ❌ | ❌ | ✅ | Normal | Emergency 'break-glass' event occurred. |
| 3 | ❌ | ❌ | ✅ | ❌ | Anomaly | Clinician met patient, no future appointment, no emergency access. |
| 4 | ❌ | ❌ | ✅ | ✅ | Normal | Emergency access to patient records during an encounter. |
| 5 | ❌ | ✅ | ❌ | ❌ | Anomaly | Clinician observed patient, no future appointment, no emergency access. |
| 6 | ❌ | ✅ | ❌ | ✅ | Normal | Emergency 'break-glass' event occurred during an observation. |
| 7 | ❌ | ✅ | ✅ | ❌ | Anomaly | Clinician met and observed patient, no future appointment, no emergency access. |
| 8 | ❌ | ✅ | ✅ | ✅ | Normal | Emergency access to patient records during an encounter and observation. |
| 9 | ✅ | ❌ | ❌ | ❌ | Normal | Future appointment exists, no emergency access. |
| 10 | ✅ | ❌ | ❌ | ✅ | Anomaly | Future appointment exists, but emergency 'break-glass' event occurred. |
| 11 | ✅ | ❌ | ✅ | ❌ | Normal | Clinician met patient, future appointments exist, no emergency access. |
| 12 | ✅ | ❌ | ✅ | ✅ | Normal | Emergency access to patient records during an encounter, future appointments exist. |
| 13 | ✅ | ✅ | ❌ | ❌ | Normal | Clinician observed patient, future appointments exist, no emergency access. |
| 14 | ✅ | ✅ | ❌ | ✅ | Normal | Emergency access to patient records during an observation, future appointments exist. |
| 15 | ✅ | ✅ | ✅ | ❌ | Normal | Normal hospital visit, no emergency access. |
| 16 | ✅ | ✅ | ✅ | ✅ | Normal | Emergency access to patient records during an encounter and observation, future appointments exist. |
Simulation Assumptions
The discrete-event simulation is based on several key assumptions to ensure it produces realistic event sequences. The table below summarizes these assumptions:
| Assumption | Description |
|---|---|
| Discrete Time Units | The simulation operates in discrete time units (minutes). |
| Practitioner Availability | Practitioners have predefined work schedules (full-time, evening-shift, split-shift, part-time, weekend-only, and rotating 8-hour shifts) to ensure the simulation mimics real-world constraints and availability of healthcare practitioners. |
| Event Probabilities | Events occur with predefined probabilities, and the time between events occurs based on predefined probability distributions. |
| Patient Cooldown | Patients have a cooldown period between appointments to simulate realistic scheduling and prevent unrealistic frequent appointments. |
| Dynamic Patient Population | The simulation dynamically adjusts the patient population based on discharge and new patient addition probabilities. |
| Sequence Generation of Events | The simulation can generate singleton events or sequences of appointments, encounters, and observations: - Appointments: Can be scheduled, cancelled, or result in no-shows. - Encounters: Occur as actual visits and can follow appointments. - Observations: Made by practitioners and can occur during encounters. |
| Random BTG/Normal Access Events | The simulation can generate random Break The Glass (BTG) or normal access events at any time: - BTG Access Events: Occur with a predefined probability and represent emergency access to patient records. - Normal Access Events: Occur as part of regular scheduled interactions. |
Event Transition Diagram
The following sequence diagram illustrates the (high-level) event generation process in the discrete-event simulation. It shows how different types of events (appointments, encounters, observations, and Break The Glass (BTG) events) are generated, along with their respective probabilities. The diagram also highlights the concurrent generation of BTG and normal access events, which can occur independently of the main event sequences.
sequenceDiagram
participant MainProcess
participant Appointment
participant Encounter
participant Observation
participant BTGAccessEvent
participant NormalAccessEvent
MainProcess->>MainProcess: Sample Patient-Practitioner Pair
loop Event Sequence Generation
alt Sequence Type 1
MainProcess->>Appointment: Generate Appointment (33.33% chance)
alt Sequence Type 1.1
Appointment->>Observation: Generate Observation (33.33% chance)
end
alt Sequence Type 1.2
Appointment->>Encounter: Generate Encounter (66.66% chance)
Encounter->>Observation: Generate Observation (33.33% chance)
end
end
alt Sequence Type 2
MainProcess->>Encounter: Generate Encounter (33.33% chance)
Encounter->>Observation: Generate Observation (33.33% chance)
end
alt Sequence Type 3
MainProcess->>Observation: Generate Observation (33.33% chance)
end
Observation->>BTGAccessEvent: Generate BTG Event (5% chance)
end
loop Concurrent BTG/Normal Access Event Generation
alt BTG Access Event
MainProcess->>BTGAccessEvent: Generate BTG Access Event (5% chance)
end
alt Normal Access Event
MainProcess->>NormalAccessEvent: Generate Normal Access Event (5% chance)
end
end-
McGlade, D., & Scott-Hayward, S. (2019). ML-based cyber incident detection for Electronic Medical Record (EMR) systems. Smart Health, 12, 3–23. doi:10.1016/j.smhl.2018.05.001 ↩↩