Audit logging has long been a required functionality for EHRs. As clinicians have broad access to patient medical records stored in the Electronic Health Record (EHR), as defined in Defining Key Health Information Technology Terms (The National Alliance for Health Information Technology, April 28, 2008): An electronic record of health-related information on an individual that conform..., it is critical for providers to have privacy and security tools in place that can monitor the unnecessary perusing of patient records.
Recently it was reported that an employee of University Hospitals improperly accessed medical and personal information of 692 patients over a three-year period. Thus, the need for improved audit logging controls continues.
Backend applications historically have gotten a get-out-of-jail free card with regards to audit logging. The perception is that the software is kept secure to data room servers, where access is limited to IT personnel only. These IT personnel are trusted individuals who have administrative rights to roam among sensitive data regardless. However, modern integration engines provide features and functionality which break outside the secured IT datacenter.
Integration engines now extend into departments, allowing technicians to view, monitor, and debug message flow themselves. This empowers departments with the necessary tools to get data flowing again during interruptions, without being so dependent on the interface team. But, this now exposes message PHI outside the security of the IT professionals who traditionally manage and debug the interfaces. This departmental access makes it critical that an integration engine incorporates the same audit logging capabilities as an EHR into the product.
Tracking of any PHI exposure is critical. Meaningful Use sets the standard for the functionality that must be included in an Audit Logging solution. Key audit logging requirements include:
>The ability to log events such as:
>The ability to log pertinent data such as:
- Date and time of event
- Patient identification
- User identification
- Type of action (from the list above)
- Identification of data (such as labs, demographic, etc.)
>Having audit logging on by default
>Administrator maintains privileges to turn off
>Tamper resistant data storage
>Ability to generate reports
Corepoint Integration Engine has modeled its audit logging requirements after the Meaningful Use definitions, and has passed the criteria for the 2014 Edition for EHR technologies. Visit our Take a Tour page to learn more about the latest features available in Corepoint Integration Engine that are helping customers of all sizes exchange data, scale smarter, and improve patient care.Tags: Corepoint Integration Engine, meaningful use, radiology