Auditable events and tamper-resistance (MU3)

From OpenEMR Project Wiki
Revision as of 23:04, 13 October 2020 by Bradymiller (talk | contribs)

D2.png

Issues:

(d)(2)(i)(A)
  • The audit log must record the information specified in sections 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9 of the standard specified in ASTM E2147-01 and changes to user privileges when health IT is in use.

Final:

  • To ensure accurate time, server will need to set up a Network Time Protocol server that supports version 4 Network Time Protocol (NTP) as defined by RFC 5905.

Progress:

  • ASTM E2147-01 7.1.1 through 7.1.3 and 7.1.6 through 7.1.9, 7.2 and 7.4
  • Any changes to a user’s privileges must be captured to meet this criterion (e.g., user account creation, user switches roles and new privileges are assigned, revoking privileges, account disabling, etc.).