3.1 Auditing in OpenEMR
This section describes auditing in OpenEMR. It comprises two tasks:
1. Enhancing the logging in OpenEMR
2. Providing an "Audit Trail" GUI
The events to be audited are:
1. start/stop
2. User login/logout
3. Session timeout
4. Account lockout
5. Patient record created/viewed/updated/deleted
6. Scheduling
7. Query
8. Order
9. node-authentication failure
10. Signature created/validated
11. PHI export (e.g. print)
12. PHI import
13. Security administration events
14. Backup and restore
The log format to be used is given below:
Date - System date with time
Component - Actual module/event for which the log is meant
Type of event - Insert/Update/Delete/Query/Others
User Name - Name of the user who performs the task
Patient ID - Patient Identifier
Status - Success or Failure
Description - SQL Queries passed/Other descriptions
A new table can be created for this purpose.
1.1 Tasks required
- a. Option to Enable/Disable the audit events
- b. Logging all the events mentioned above (Logging database calls - high priority)
Most database calls pass through the "sqlInsert" function, so the log function can be called from there. Places where database calls are not routed via "sqlInsert" can be modified.
Note: The scope of this task won't include changing the existing business logic used for update (even if a single field is used, all the data elements are passed through the update statement).
- c. "Audit Trail" GUI - Enhancing the existing "Administration->Other->Logs (Logs Viewer)" to accommodate all the auditing events
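One way the log format and tasks a and b above could fit together, as an added PHP sketch that is not OpenEMR code. It assumes an in-memory SQLite database through PDO, and the names `audit_log`, `patient_demo`, `auditLog`, `auditEventType`, `auditedStatement` and `$auditEnabled` are hypothetical.

```php
<?php
// Added illustration, not OpenEMR code. Table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:'); // in-memory stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE audit_log (date TEXT, component TEXT, event_type TEXT,
    user_name TEXT, patient_id TEXT, status TEXT, description TEXT)');
$db->exec('CREATE TABLE patient_demo (pid INTEGER PRIMARY KEY, lname TEXT NOT NULL)');

$auditEnabled = true; // task (a): switch to enable/disable audit events

// Derive the "Type of event" field from the leading SQL verb.
function auditEventType(string $sql): string
{
    $verb = strtoupper((string) strtok(ltrim($sql), " \t\r\n"));
    $map = ['INSERT' => 'Insert', 'UPDATE' => 'Update', 'DELETE' => 'Delete', 'SELECT' => 'Query'];
    return $map[$verb] ?? 'Others';
}

// Write one audit row in the log format listed above.
function auditLog(PDO $db, string $component, string $sql, string $user, ?string $pid, bool $ok): void
{
    global $auditEnabled;
    if (!$auditEnabled) {
        return;
    }
    // Description holds the statement text only; bound values are not copied into the log.
    $row = [date('Y-m-d H:i:s'), $component, auditEventType($sql), $user, $pid, $ok ? 'Success' : 'Failure', $sql];
    $db->prepare('INSERT INTO audit_log VALUES (?, ?, ?, ?, ?, ?, ?)')->execute($row);
}

// Hypothetical central wrapper: every call is logged, including the ones that fail.
function auditedStatement(PDO $db, string $component, string $sql, array $params, string $user, ?string $pid): PDOStatement
{
    $ok = false;
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        $ok = true;
        return $stmt;
    } finally {
        auditLog($db, $component, $sql, $user, $pid, $ok);
    }
}

// Constructed sample calls: one success, one failure (NOT NULL violation).
auditedStatement($db, 'patient-record', 'INSERT INTO patient_demo (pid, lname) VALUES (?, ?)', [1, 'Sample'], 'admin', '1');
try {
    auditedStatement($db, 'patient-record', 'UPDATE patient_demo SET lname = ? WHERE pid = ?', [null, 1], 'admin', '1');
} catch (PDOException $e) { /* failure is already in the audit log */ }
print_r($db->query('SELECT event_type, status FROM audit_log')->fetchAll(PDO::FETCH_NUM));
```

Writing the audit row in `finally` means a statement that throws still produces a row with Status set to Failure, so failed database calls are not missing from the trail.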
Links
- Associated with Sourceforge forum thread: http://sourceforge.net/projects/openemr/forums/forum/202506/topic/3500441