Difference between revisions of "Auditable events and tamper-resistance (MU3)"
From OpenEMR Project Wiki
Bradymiller (talk | contribs) |
Line 3: | Line 3: | ||
Issues: | Issues: | ||
:(d)(2)(i)(A) | :(d)(2)(i)(A) | ||
::*The audit log must record the information specified in sections 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147- | ::*The audit log must record the information specified in sections 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147-18 and changes to user privileges when health IT is in use. | ||
:::*TODO | :::*TODO | ||
::::*Analyze 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147- | ::::*Analyze 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147-18 | ||
::::*Record changes in user privileges (to fully support this, added logging for when change a user's access control group) | ::::*Record changes in user privileges (to fully support this, added logging for when change a user's access control group) | ||
:(d)(2)(i)(B) | :(d)(2)(i)(B) | ||
::*The audit log must record the information specified in sections 7.2 and 7.4 of the standard specified in ASTM E2147- | ::*The audit log must record the information specified in sections 7.2 and 7.4 of the standard specified in ASTM E2147-18 when the audit log status is changed. Interestingly, 7.2 and 7.4 do not exist in the | ||
Final: | Final: | ||
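Review bot: the (d)(2)(i)(B) item in the revised column stops mid-sentence at "Interestingly, 7.2 and 7.4 do not exist in the", so a reader cannot tell which document lacks those sections; complete the sentence and state how the criterion is to be met without them. In the TODO under (d)(2)(i)(A), "added logging for when change a user's access control group" should read "added logging for when a user's access control group is changed".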
Line 14: | Line 14: | ||
Progress: | Progress: | ||
:* ASTM E2147- | :* ASTM E2147-18 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9, 7.2 and 7.4 | ||
:*Any changes to a user’s privileges must be captured to meet this criterion (e.g., user account creation, user switches roles and new privileges are assigned, revoking privileges, account disabling, etc.). | :*Any changes to a user’s privileges must be captured to meet this criterion (e.g., user account creation, user switches roles and new privileges are assigned, revoking privileges, account disabling, etc.). |
Revision as of 03:03, 14 October 2020
Issues:
- (d)(2)(i)(A)
- The audit log must record the information specified in sections 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147-18 and changes to user privileges when health IT is in use.
- TODO
- Analyze 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147-18
- Record changes in user privileges (to fully support this, added logging for when a user's access control group is changed)
- (d)(2)(i)(B)
- The audit log must record the information specified in sections 7.2 and 7.4 of the standard specified in ASTM E2147-18 when the audit log status is changed. Interestingly, 7.2 and 7.4 do not exist in the
Final:
- To ensure accurate time, the server will need to set up a Network Time Protocol server that supports version 4 Network Time Protocol (NTP) as defined by RFC 5905.
Progress:
- ASTM E2147-18 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9, 7.2 and 7.4
- Any changes to a user’s privileges must be captured to meet this criterion (e.g., user account creation, user switches roles and new privileges are assigned, revoking privileges, account disabling, etc.).