Purpose Detecting anomalous access to electronic health records (EHRs) is critical for safeguarding patient privacy and ensuring compliance with healthcare regulations. Traditional anomaly detection methods often struggle in this domain due to extreme class imbalance, limited labelled data and the subtlety of insider threats. This study proposes a lightweight, hybrid anomaly detection framework that integrates unsupervised, supervised and rule-based approaches using a meta-classifier architecture. Design/methodology/approach An experimental and model-development approach is employed, combining machine learning techniques with domain-inspired rule modelling to construct a hybrid anomaly detection framework for healthcare access logs. Performance of the algorithm is measured using standard classification metrics such as precision, recall, F1-score and accuracy. Findings Evaluated on a synthetic but realistic dataset of 50.000 normal and 500 labelled anomalous healthcare access events, the proposed framework achieved superior performance compared to standalone models as well as other hybrid models, with an F1-score of 0.8989 and recall of 0.8180. It also maintained low inference latency (0.028 ms) and energy consumption (4.03e−07 kg CO2), making it suitable for deployment in resource-constrained clinical environments. Originality/value This study highlights the potential of a hybrid meta-classifier to enhance anomaly detection in healthcare access logs, capturing both subtle and obvious anomalies while outperforming conventional models and remaining efficient, scalable and practical for real-time monitoring.
Matos et al. (Thu,) studied this question.