4. Audit Control

From OpenEMR Project Wiki
Revision as of 18:57, 28 December 2009 by Bradymiller

1. Audit Requirements - Brief

Requirements from “Certification Standards Committee” [http://health.state.mn.us/ehealth/standards/certrecs102609.pdf]

1. Provide the capability to record and examine activity in information systems that contain or use electronic protected health information.

2. Provide the capability to use the ATNA profile to communicate audit messages between Secure Nodes and to establish Audit Repository nodes to collect audit information. Note: The same is mentioned by the CCHIT - EHR ARRA 2011 Preliminary Certification as part of the Security Criteria related to Audit [http://www.cchit.org/sites/all/files/Preliminary%20ARRA%202011%20Security%20Criteria%2020091001_0.pdf]

From CCHIT - CCHIT Ambulatory Requirements for Audit control [[1]]


2. Auditing Requirements - Detail

2.1 Auditing Events

Events common to both CCHIT and ATNA

1. start/stop

2. patient record created/viewed/updated/deleted

3. Query

4. Order

5. Node-authentication failure

6. PHI export

7. PHI import

8. Security Administration events

Events mentioned only in CCHIT

1. user login/logout

2. session timeout

3. account lockout

4. scheduling

5. signature created/validated

6. backup and restore


Events mentioned only in ATNA

1. Reading or modification to the audit log

2. Begin-storing-instances

3. Health-service-event

4. Images-availability-query

5. Instances-deleted

6. Instances-stored

7. Medication

8. Mobile-machine-event

9. Patient-care-assignment

10. Patient-care-episode

11. Procedure record event

12. Study created

13. Study used

Refer to http://www.openmedsoftware.org/wiki/File:Visolve_Audit_ATNA_Req.pdf for more detail on the audit requirements.

Question (to be finalized): Which events do we need to consider?


3. Audit & ATNA - Actual Tasks

3.1 Auditing in OpenEMR

3.2 ATNA related tasks

Links