pith. sign in

arxiv: 2604.09630 · v1 · submitted 2026-03-19 · 💻 cs.CY · cs.AI

Adoption and Effectiveness of AI-Based Anomaly Detection for Cross Provider Health Data Exchange

Cao Tram Anh Hoang This is my paper

Pith reviewed 2026-05-15 08:35 UTC · model grok-4.3

classification 💻 cs.CY cs.AI
keywords anomaly detectionelectronic health recordscross-provider data exchangeAI adoptionhealthcare securityIsolation ForestSHAP explainabilityaudit logs
0
0 comments X

The pith

A staged strategy of rule-based checks combined with machine learning prioritisation balances coverage and cuts alert volume in cross-provider health record anomaly detection.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a four-pillar readiness framework covering governance, infrastructure, workforce and AI integration to prepare organisations for AI anomaly detection in shared electronic health records. It tests this through simulation of audit logs that track provider mismatches, access timing, days since discharge, session length and frequency. Rule-based methods catch most anomalies but produce many alerts, while Isolation Forest lowers the alert count at the cost of missing some cases. The authors conclude that a hybrid staged rollout, using rules for initial coverage and machine learning for prioritisation plus SHAP explanations, provides a workable implementation path.

Core claim

Organisations can adopt AI-based anomaly detection for cross-provider EHR access by first meeting readiness criteria in governance, infrastructure, workforce and AI integration, then applying rules for broad coverage alongside Isolation Forest to prioritise likely threats, with SHAP values identifying dominant drivers such as provider mismatch and off-hours access.

What carries the argument

A four-pillar readiness framework operationalised as a 10-item checklist, paired with Isolation Forest anomaly detection on simulated contextual audit logs that include provider mismatch, time of access, days since discharge, session duration and access frequency.

Load-bearing premise

The simulated cross-provider audit logs with features such as provider mismatch, time of access, days since discharge, session duration, and access frequency capture the essential patterns of real-world anomalies and alert behaviours.

What would settle it

A live pilot in a multi-provider EHR network that records actual alert volumes, missed anomalies and staff response times, then compares those outcomes directly against the simulation predictions.

read the original abstract

This study investigates the adoption and effectiveness of AI-based anomaly detection in cross-provider electronic health record (EHR) environments. It aims to (1) identify the organisational and digital capabilities required for successful implementation and (2) evaluate the performance and interpretability of lightweight anomaly detection approaches using contextual audit data. A semi-systematic scoping synthesis is conducted to derive a four-pillar readiness framework covering governance, infrastructure/interoperability, workforce, and AI integration, operationalised as a 10-item checklist with measurable indicators. This is complemented by a simulation of cross-provider audit logs incorporating contextual features such as provider mismatch, time of access, days since discharge, session duration, and access frequency. A rule-based approach is benchmarked against Isolation Forest, with SHAP used to explain model behaviour. Results show that rule-based methods achieve high recall but generate higher alert volumes, while Isolation Forest reduces alert burden at the cost of lower sensitivity. SHAP analysis highlights provider mismatch and off-hours access as dominant anomaly drivers. The study proposes a staged deployment strategy combining rules for coverage and machine learning for prioritisation, supported by explainability and continuous monitoring. The findings contribute a practical readiness framework and empirical insights to guide the implementation of AI-based anomaly detection in multi-provider healthcare environments.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper conducts a semi-systematic scoping synthesis to derive a four-pillar readiness framework (governance, infrastructure/interoperability, workforce, AI integration) operationalized as a 10-item checklist for AI-based anomaly detection in cross-provider EHR environments. It complements this with a simulation of synthetic cross-provider audit logs using features such as provider mismatch, time of access, days since discharge, session duration, and access frequency; benchmarks a rule-based detector against Isolation Forest; applies SHAP for interpretability; and proposes a staged deployment strategy that combines rules for coverage with machine learning for prioritization, supported by explainability and continuous monitoring.

Significance. If the simulation is properly validated, the work provides a practical organizational readiness checklist and empirical insights into the recall-versus-alert-volume trade-off between rule-based and ML anomaly detection in multi-provider health data exchange, addressing an important implementation gap at the intersection of healthcare interoperability and security.

major comments (2)
  1. [Simulation section] Simulation methodology: The generation process, parameter settings, anomaly injection rates, and base-rate calibration for the synthetic cross-provider audit logs are not described, so the reported recall/alert-volume trade-off and SHAP-derived feature importances (provider mismatch and off-hours access) cannot be assessed for robustness against real incident statistics.
  2. [Results section] Benchmarking results: Exact quantitative metrics (recall, precision, alert volume, or F1 scores) for the rule-based versus Isolation Forest comparison are not provided, leaving the central claim that Isolation Forest reduces alert burden at the cost of lower sensitivity under-supported and unsuitable for guiding the staged deployment recommendation.
minor comments (2)
  1. [Abstract] The abstract should state the number of studies reviewed in the scoping synthesis and the precise performance numbers obtained from the simulation.
  2. [Framework section] Clarify the operational measurement of the 10-item checklist indicators and how they would be assessed in a real multi-provider setting.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive comments, which have helped us identify areas where the manuscript can be strengthened. We address each major comment below and will make the necessary revisions to the manuscript.

read point-by-point responses

  1. Referee: [Simulation section] Simulation methodology: The generation process, parameter settings, anomaly injection rates, and base-rate calibration for the synthetic cross-provider audit logs are not described, so the reported recall/alert-volume trade-off and SHAP-derived feature importances (provider mismatch and off-hours access) cannot be assessed for robustness against real incident statistics.

    Authors: We agree with the referee that the simulation methodology requires more detailed description to allow proper assessment of the results. In the revised manuscript, we will add a comprehensive description of the synthetic data generation process in the Simulation section. This will include the full generation process, all parameter settings, anomaly injection rates, and base-rate calibration details. These additions will enable readers to evaluate the robustness of the reported trade-offs and SHAP feature importances. revision: yes

  2. Referee: [Results section] Benchmarking results: Exact quantitative metrics (recall, precision, alert volume, or F1 scores) for the rule-based versus Isolation Forest comparison are not provided, leaving the central claim that Isolation Forest reduces alert burden at the cost of lower sensitivity under-supported and unsuitable for guiding the staged deployment recommendation.

    Authors: We acknowledge that the benchmarking results were presented without the exact numerical metrics, which limits the support for the claims. We will revise the Results section to include a table presenting the precise quantitative metrics for both approaches, including recall, precision, alert volume, and F1 scores. This will provide concrete evidence for the recall-versus-alert-volume trade-off and strengthen the justification for the proposed staged deployment strategy combining rule-based and machine learning methods. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper's derivation consists of a scoping synthesis yielding a four-pillar readiness framework (operationalized as a 10-item checklist) plus a separate simulation study benchmarking rule-based detection against Isolation Forest on synthetic audit logs, with SHAP explanations. No equations, fitted parameters renamed as predictions, self-citation chains, or ansatzes are described that reduce any central claim to its own inputs by construction. The simulation features and results are presented as independent of the framework, with no self-definitional loops or load-bearing internal citations.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Only the abstract is available, so the ledger is necessarily incomplete; no explicit free parameters, axioms, or invented entities are stated in the provided text.

pith-pipeline@v0.9.0 · 5518 in / 1155 out tokens · 37479 ms · 2026-05-15T08:35:20.616548+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

8 extracted references · 8 canonical work pages · 1 internal anchor

  1. [1]

    explanation-based auditing,

    Introduction The exchange of electronic health records (EHRs) across care providers aims to support continuity of care, reduce duplicate tests, and improve patient safety. Digital health, encompassing information and communication technologies to enhance human health and healthcare delivery (Agarwal et al., 2010), has accelerated digital integration, requ...

    work page 2010

  2. [2]

    black boxes,

    Literature Review This literature review surveys research relevant to AI -enabled anomaly detection in EHRs and the associated organisational factors that influence adoption in cross -provider settings. The review covers peer-reviewed studies published between 2011 and 2025 and is organised by themes rather than strictly chronological order. The first the...

    work page 2011

  3. [3]

    map the extent, range and nature of the literature and identify gaps

    Methodology 3.1. Introduction The overall purpose of this study is twofold: to identify the organisational and digital capabilities that healthcare organisations require to adopt cross-provider AI-based anomaly-detection systems (RQ1) and to evaluate the effectiveness and interpretabil ity of lightweight anomaly -detection models when contextual audit fea...

    work page 2022

  4. [4]

    Results 4.1.1

    Results & Discussions 4.1. Results 4.1.1. Readiness checklist The semi -systematic review yielded 15 papers that addressed adoption or implementation of anomaly-detection systems, digital readiness or AI governance. Using thematic analysis, findings were synthesised into a four-pillar readiness checklist: Governance, Infrastructure/Interoperability, Workf...

    work page 2023

  5. [5]

    digital readiness

    Conclusion Cross-provider exchange of electronic health records remains fragmented, creating blind spots for inappropriate access and insider misuse (Upadhyay & Hu, 2022). The present study examines the organisational capabilities required to adopt AI -based anomaly d etection across shared data environments (RQ1) and evaluates the effectiveness and expla...

    work page 2022

  6. [6]

    Nagarajan Venkatachalam, whose timely feedback and supervision shaped the study’s scope, methods and presentation

    Acknowledgement This research benefited from the guidance and encouragement of Dr. Nagarajan Venkatachalam, whose timely feedback and supervision shaped the study’s scope, methods and presentation. Technical thanks are due to the open-source community whose tools enabled the simulation and analysis: Python/Jupyter, pandas, NumPy, scikit-learn, matplotlib,...

    work page

  7. [7]

    References Agarwal, R., Gao, G., DesRoches, C., & Jha, A. K. (2010). Research commentary—The digital transformation of healthcare: Current status and the road ahead. Information Systems Research, 21 (4), 796 –809. https://doi.org/10.1287/isre.1100.0327 Alotaibi, N., Wilson, C. B., & Traynor, M. (2025). Enhancing digital readiness and capability in healthc...

    work page doi:10.1287/isre.1100.0327 2010

  8. [8]

    https://doi.org/10.1186/s12913-025-12663-3 do Nascimento, I. J. B., Pizarro, A. B., de Souza, R. V., Almeida, M. C. P., & Lima, J. M. R. (2023). Barriers and facilitators to utilizing digital health technologies by healthcare professionals. npj Digital Medicine, 6(1), Article 161. https://doi.org/10.1038/s41746-023-00899-4 Fabbri, D., & LeFevre, K. (2011)...

    work page internal anchor Pith review Pith/arXiv arXiv doi:10.1186/s12913-025-12663-3 2023