Difference between revisions of "3.1 Auditing in OpenEMR"
Bradymiller (talk | contribs) |
Bradymiller (talk | contribs) |
||
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Auditing in OpenEMR == | |||
This section describes about the auditing in OpenEMR. This comprises of two tasks. | This section describes about the auditing in OpenEMR. This comprises of two tasks. | ||
1. Enhancing the logging in OpenEMR | 1. Enhancing the logging functionality in OpenEMR | ||
2. Providing an "Audit Trail" GUI | 2. Providing an "Audit Trail" GUI | ||
The events | The events to be audited as per CCHIT requirements are given below: | ||
1. start/stop | 1. start/stop | ||
| Line 36: | Line 36: | ||
14. Backup and restore | 14. Backup and restore | ||
Log Format to be used | == Log Format to be used== | ||
Date - Sys-date with time | Date - Sys-date with time | ||
| Line 46: | Line 46: | ||
User Name - Name of the user who performs the task | User Name - Name of the user who performs the task | ||
Client certificate Name | |||
Patient ID - Patient Identifier | Patient ID - Patient Identifier | ||
Status - Success or Failure | Status - Success or Failure | ||
Checksum - checksum for the current record | |||
Description - SQL Queries passed/Other descriptions | Description - SQL Queries passed/Other descriptions | ||
The existing table 'log' is modified to hold the above information | |||
== Tasks involved == | |||
*a. Option to Enable/Disable the audit events | *a. Option to Enable/Disable the audit events | ||
The following configurations are added in globals.php | |||
$GLOBALS["enable_auditlog"] = 1; | |||
$GLOBALS["audit_events"] = array("patient-record"=>1, | |||
"scheduling"=>1, | |||
"query"=>1, | |||
"order"=>1, | |||
"security-administration"=>1, | |||
"backup"=>1, | |||
); | |||
Note: The events which were already logged by openemr are logged by default. | |||
*b. Logging all the events mentioned above (Logging database calls - high priority) | *b. Logging all the events mentioned above (Logging database calls - high priority) | ||
Most of the database calls are passed through | Most of the database calls are passed through functions [sqlInsert,sqlQuery,sqlStatement,sqlQ] mentioned in sql.inc. Log function are called from these functions. | ||
Note: The scope of this task | Calls from php-gacl and postnuke calander are also logged by modifying their own adodb mysql driver functions. | ||
Note: The scope of this task doesn't include changing the existing business logic used for update [Currently, even if a single field is used, all the data elements are passed through the update statement] | |||
*c. "Audit Trail" Gui - Enhancing the existing "Administration->Other->Logs (Logs Viewer)" to accomodate all the auditing events | *c. "Audit Trail" Gui - Enhancing the existing "Administration->Other->Logs (Logs Viewer)" to accomodate all the auditing events | ||
== Sample Screen == | |||
This is just a sample screen shot. More features (like start date and end date) & more events need to be included. | |||
[[File:AuditTrail.jpg|600px]] | |||
== Links == | == Links == | ||
* Associated with Sourceforge forum thread: | * Associated with Sourceforge forum thread: http://sourceforge.net/projects/openemr/forums/forum/202506/topic/3500441 | ||
== Status == | |||
Implementation completed. | |||
[[Category:Certification]][[Category:Certification Stage I]] | |||
Latest revision as of 02:46, 9 September 2012
Auditing in OpenEMR
This section describes about the auditing in OpenEMR. This comprises of two tasks.
1. Enhancing the logging functionality in OpenEMR
2. Providing an "Audit Trail" GUI
The events to be audited as per CCHIT requirements are given below:
1. start/stop 2. User login/logout 3. Session timeout 4. Account lockout 5. Patient record created/viewed/updated/deleted 6. Scheduling 7. Query 8. Order 9. node-authentication failure 10. Signature created/validated 11. PHI export (e.g. print) 12. PHI import 13. Security administration events 14. Backup and restore
Log Format to be used
Date - Sys-date with time
Component - Acutal module/event for which the log is meant for
Type of event - Insert/Update/Delete/Query/Others
User Name - Name of the user who performs the task
Client certificate Name
Patient ID - Patient Identifier
Status - Success or Failure
Checksum - checksum for the current record
Description - SQL Queries passed/Other descriptions
The existing table 'log' is modified to hold the above information
Tasks involved
- a. Option to Enable/Disable the audit events
The following configurations are added in globals.php
$GLOBALS["enable_auditlog"] = 1;
$GLOBALS["audit_events"] = array("patient-record"=>1,
"scheduling"=>1,
"query"=>1,
"order"=>1,
"security-administration"=>1,
"backup"=>1,
);
Note: The events which were already logged by openemr are logged by default.
- b. Logging all the events mentioned above (Logging database calls - high priority)
Most of the database calls are passed through functions [sqlInsert,sqlQuery,sqlStatement,sqlQ] mentioned in sql.inc. Log function are called from these functions.
Calls from php-gacl and postnuke calander are also logged by modifying their own adodb mysql driver functions.
Note: The scope of this task doesn't include changing the existing business logic used for update [Currently, even if a single field is used, all the data elements are passed through the update statement]
- c. "Audit Trail" Gui - Enhancing the existing "Administration->Other->Logs (Logs Viewer)" to accomodate all the auditing events
Sample Screen
This is just a sample screen shot. More features (like start date and end date) & more events need to be included.
Links
- Associated with Sourceforge forum thread: http://sourceforge.net/projects/openemr/forums/forum/202506/topic/3500441
Status
Implementation completed.
