Using process mining to detect workarounds that are used to reach an alternative goal
Summary
Modern day healthcare revolves around Health Information Systems (HISs) and Electronic Health Records (EHRs) that are stored in the cloud. Accountability has become a hot topic as patients want to know who accessed their record and why. Anecdotal evidence points to a risk where the justification for accessing records is not always validated. For this phenomenon I coin the term Alternative Goal Workaround (AGW). The research goal of this design science study is to explore this concept and to narrow the research gap in quantitative workaround detection. In a case study at a Dutch hospital, five AGWs are identified through stakeholder interviews. The PM24AGW methodology presents a way to distinguish between workarounds and legitimate process instances through the principle of exclusion. In iterative analysis cycles, patterns of legitimate behavior are captured to reduce false positives and detect workarounds with increasingly high precision, as demonstrated on the five workarounds at the case study hospital. By capturing knowledge about the AGWs in a snapshot, non-malicious AGWs can be addressed to improve the process, after which malicious AGWs will stand out even more. The PM24AGW methodology has empowered the hospital to more efficiently catch and sanction unlawful use of EHRs, making the hospital a safer place for patients.