United States Health Information Knowledgebase

 

You are viewing the Abridged Children's EHR Format.
To view the Full Children's EHR Format, you must first agree to the HL7 License Agreement.

Req-275: Auditable Records
Release Package: 2013 Format


Release Package:

2013 Format

Requirement ID:

Req-275

Title:

Auditable Records

Description:

STATEMENT: Provide audit capabilities for system access and usage indicating the author, the modification (where pertinent), and the date and time at which a record was created, modified, viewed, extracted, or deleted. Date and Time stamping implies the ability to indicate the time zone where it was recorded (time zones are described in ISO 8601 Standard Time Reference). Auditable records extend to information exchange, to audit of consent status management (to support Req-256 (HL7 ID: DC.1.3.3)) and to entity authentication attempts. Audit functionality includes the ability to generate audit reports and to interactively view change history for individual health records or for an EHR-S.
DESCRIPTION: Audit functionality extends to security audits, data audits, audits of data exchange, and the ability to generate audit reports. Audit capability settings should be configurable to meet the needs of local policies. Examples of audited areas include:
- Security audit, which logs access attempts and resource usage including user login, file access, other various activities, and whether any actual or attempted security violations occurred
- Data audit, which records who, when, and by which system an EHR record was created, updated, translated, viewed, extracted, or (if local policy permits) deleted. Audit-data may refer to system setup data or to clinical and patient management data
- Information exchange audit, which records data exchanges between EHR-S applications (for example, sending application; the nature, history, and content of the information exchanged); and information about data transformations (for example, vocabulary translations, reception event details, etc.)
- Audit reports should be flexible and address various users' needs. For example, a legal authority may want to know how many patients a given healthcare provider treated while the provider's license was suspended. Similarly, in some cases a report detailing all those who modified or viewed a certain patient record
- Security audit trails and data audit trails are used to verify enforcement of business, data integrity, security, and access-control rules
-There is a requirement for system audit trails for the following events:
>Loading new versions of, or changes to, the clinical system;
>Loading new versions of codes and knowledge bases;
>Taking and restoring of backup;
>Changing the date and time where the clinical system allows this to be done;
>Archiving any data;
>Re-activating of an archived patient record;
>Entry to and exiting from the clinical system;
>Remote access connections including those for system support and maintenance activities

Related Requirements:

Relationship Release Package Requirement ID Requirement Title Requirement Type SHALL / SHOULD / MAY Compare Requirements
Req-275 Is Related To 2013 Format Req-123 Patient, Family and Care Giver Education Function Not Applicable Compare
Req-275 Is Related To 2013 Format Req-128 Manage Patient Demographics Function Not Applicable Compare
Req-275 Is Related To 2013 Format Req-255 Manage Clinical Documents and Notes Function Not Applicable Compare
Req-275 Requires 2013 Format Req-256 Manage Consents and Authorizations Function Not Applicable Compare
Req-275 Is Related To 2013 Format Req-262 Manage Patient-Specific Care and Treatment Plans Function Not Applicable Compare
Req-275 Is Related To 2013 Format Req-271 Support for Research Protocols Relative to Individual Patient Care Function Not Applicable Compare
Req-275 Is Child Of 2013 Format Req-295 Health Record Information and Management Header Not Applicable Compare
Req-275 Is Parent Of 2013 Format Req-666 Audit trails Normative Statements SHALL Compare

Topic Area(s):

Provenance:

HL7 EHR FM R1

Achievability:

Requirement Type:

Function

Shall/Should/May:

Critical/Core:

No

Status:

Released

Links:

Not Provided

See Also:

Not Provided

Comments:

Not Provided

Additional Information:

Not Provided

Select Download Type:

Download the selected requirement in a ZIP file that contains an MS Excel spreadsheet file.
Download the selected requirement in a ZIP file that contains a PDF file.
Download the selected requirement in a ZIP file that contains an MS Word file.

File Reader Downloads:

Programs which can be used to read the various file formats available on this page can be accessed below:

Microsoft Excel File Reader (for XLS files)
Download Excel Reader Exit Disclaimer

Portable Document Format Reader (for PDF files):
Download PDF Reader Exit Disclaimer

Microsoft Word Reader (for DOCX files):
Download Word Reader Exit Disclaimer

Last Updated 04/13/2016
Scroll To Top