NeoMedSys will significantly increase the overall accessibility of highly sensitive medical data and will therefore need stringent security measures for its database system, which we call MedQuery. Clinicians, managers, and patients who are authorized to access NeoMedSys can view the data through on-platform features that use internal authorization in the backend. An example of this would be a drop-down SQL engine for retrieving user-specific data.
Data scientists and data analysts might have read-write permission and access to the Python database client with external user authorization. This will let them extract anonymized data to their local disk for machine learning development/analyses and write processed data back. Every transaction made with the database client can be thoroughly logged.
Anomaly detection can, for example, help us stop suspicious data transactions by monitoring user sessions and applications as they send requests to the database system. Every suspicious transaction needs to be promptly stopped, and a red flag has to be raised for the session and user in question. Access can be temporarily revoked if the case is critical enough or if the transaction came from the database client.
The question is: how do we set up a surveillance system like this? Which anomaly detection methods (e.g. semi-supervised or unsupervised) do we use, and how/when do we stop suspicious behaviour if we suspect it?
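As an added illustration (not code from the NeoMedSys/MedQuery project, and not part of the original post), here is one minimal unsupervised scheme that matches the policy described above: build a per-user baseline from historical transaction logs, score each new transaction by how far its returned row count deviates from that baseline (in median-absolute-deviation units) and whether it touches a table the user has never accessed, then block and flag the session, or block and temporarily revoke the user when the case is critical or the request came from the database client. The log record layout, the field names, the thresholds and the sample records are all constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import median

# Constructed sample of historical MedQuery-style transaction log records
# as (user, session, origin, table, rows_returned). Not real data; the
# record layout is an assumption for this example.
HISTORY = [
    ("alice", "s1", "db_client", "lab_results", 120),
    ("alice", "s1", "db_client", "lab_results", 95),
    ("alice", "s2", "db_client", "lab_results", 130),
    ("alice", "s2", "db_client", "lab_results", 110),
    ("alice", "s3", "db_client", "lab_results", 105),
    ("bob", "s4", "platform", "patients", 1),
    ("bob", "s4", "platform", "patients", 1),
    ("bob", "s5", "platform", "patients", 2),
    ("bob", "s5", "platform", "patients", 1),
    ("bob", "s6", "platform", "patients", 1),
]

FLAG_MADS = 5.0       # deviation (in MAD units) above which a transaction is suspicious
CRITICAL_MADS = 50.0  # deviation above which the case is critical -> temporary revoke


@dataclass
class Transaction:
    user: str
    session: str
    origin: str        # "platform" (on-platform feature) or "db_client" (Python client)
    table: str
    rows_returned: int


@dataclass
class Baseline:
    tables: set        # tables the user has touched historically
    median_rows: float
    mad_rows: float    # median absolute deviation of rows_returned


def build_baselines(history):
    """Unsupervised baseline per user: median/MAD of row counts plus the set of tables."""
    per_user = defaultdict(list)
    for user, _session, _origin, table, rows in history:
        per_user[user].append((table, rows))
    baselines = {}
    for user, records in per_user.items():
        rows = [r for _, r in records]
        med = median(rows)
        mad = median(abs(r - med) for r in rows) or 1.0  # avoid a zero MAD for constant users
        baselines[user] = Baseline({t for t, _ in records}, med, mad)
    return baselines


def score(tx, baseline):
    """Return (deviation_in_mads, reasons); an empty reasons list means not suspicious."""
    reasons = []
    dev = (tx.rows_returned - baseline.median_rows) / baseline.mad_rows
    if dev > FLAG_MADS:
        reasons.append(f"rows_returned={tx.rows_returned} is {dev:.1f} MADs above the user's median")
    if tx.table not in baseline.tables:
        reasons.append(f"table '{tx.table}' is not in the user's history")
    return dev, reasons


@dataclass
class Monitor:
    baselines: dict
    revoked_users: set = field(default_factory=set)
    flagged_sessions: set = field(default_factory=set)

    def handle(self, tx):
        """Decide on one transaction: allow, block_and_flag, block_and_revoke or denied."""
        if tx.user in self.revoked_users:
            return "denied"                      # access is temporarily revoked
        baseline = self.baselines.get(tx.user)
        if baseline is None:
            self.flagged_sessions.add(tx.session)  # no history: flag, do not yet revoke
            return "block_and_flag"
        dev, reasons = score(tx, baseline)
        if not reasons:
            return "allow"
        self.flagged_sessions.add(tx.session)      # red flag on the session
        if dev > CRITICAL_MADS or tx.origin == "db_client":
            self.revoked_users.add(tx.user)        # critical, or came from the database client
            return "block_and_revoke"
        return "block_and_flag"


def run_demo():
    """Feed a constructed stream of new transactions through the monitor."""
    monitor = Monitor(build_baselines(HISTORY))
    stream = [
        Transaction("alice", "s7", "db_client", "lab_results", 115),   # normal volume
        Transaction("bob", "s8", "platform", "patients", 40),          # 39 MADs, not critical
        Transaction("alice", "s9", "db_client", "patients", 100),      # unseen table, from client
        Transaction("alice", "s9", "db_client", "lab_results", 100),   # user already revoked
        Transaction("bob", "s10", "platform", "patients", 200),        # critical volume
    ]
    return [(tx.user, monitor.handle(tx)) for tx in stream], monitor


if __name__ == "__main__":
    for user, action in run_demo()[0]:
        print(user, action)
```

The baseline uses median and MAD rather than mean and standard deviation so that a single earlier bulk extraction does not inflate what counts as "normal" for that user. In practice the scorer would also consider request rate per session and the time of day, and the revocation would be time-limited and reviewed by a human before being lifted.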