Published by Cameron Wood. Modified over 7 years ago.
1
Audit Trail LIS 4776 Advanced Health Informatics Week 14
Instructor: Dr. Sanghee Oh College of Communication & Information, Florida State University
2
VPI's Audit Trail Reporting
3
Audit Trail
4
Overview
- Part of a Records Management Plan
- What is _________________?
- A record must be genuine, or be “what it claims to be.”
- How do we achieve authenticity?
- The user must be assured that the systems that create, capture, and manage electronic records maintain records that are protected from _________________ and from _________________ while the record still has value.
5
What is an AUDIT TRAIL?
- A record (both paper and electronic) that tracks _________________ on the system.
- The audit trail documents the activities performed on records and their metadata from creation to disposal.
- The audit trail typically documents the activities of: _________________ activities, transfers or the movement of records, modification, deletion, defining access, and usage history.
6
What is an AUDIT TRAIL?
- The system must _________________ capture the audit trail.
- The audit trail data must be _________________.
- The audit trail data must be unalterable.
- The audit trail must be _________________ to the records they document, so that users can review audit information when they retrieve records.
7
Purpose of Audit Trail
- _________________: track individual actions to facilitate audit.
- _________________s: reconstruct events as and when required.
- _________________: online tools to help monitor problems.
- _________________: identifying attempts to penetrate a system and gain unauthorized access.
8
Why AUDIT? Required by LAW (HIPAA)
The audit protocol covers Privacy Rule requirements for (1) notice of privacy practices for PHI, (2) rights to request privacy protection for PHI, (3) access of individuals to PHI, (4) administrative requirements, (5) uses and disclosures of PHI, (6) amendment of PHI, and (7) accounting of disclosures.
9
HIPAA Audit Program Protocol
- Determine the _______________ that will be tracked or audited
- Select the _______________ that will be deployed for ___________ and _______________
- Develop and deploy the information system activity review/audit _________________
- Develop appropriate ______________ operating procedures
10
Class Activity
- What could be the key components or activities you would need to audit in a healthcare setting with an EMR/EHR system?
- Find a partner for this activity.
- Identify 10 activities you would need to audit.
11
Why AUDIT?
- The process provides information on ________ and __________.
- The process allows you to ________ the extent of breach and the damage.
- You are able to determine if a ________ is being targeted (trend analysis), if a ________ is looking at information not pertinent to their tasks, or if weaknesses are occurring on a frequent basis.
12
EHR 2014 Certification
EHR 2014 Certification standards require that EHRs keep audit logs. At a minimum, they must log the following data elements:
- Date and Time of Event
- Patient Identification
- User Identification
- Type of Action (additions, deletions, changes, queries, print, copy)
- Identification of the Patient Data that is Accessed
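As an added example (not part of the original slides): one way to record the minimum data elements listed above and make later alteration of the log detectable. The hash chaining, the field names, and the sample events are assumptions of this example; the optional before/after fields hold the data state before and after a change.

```python
import hashlib
import json

# Minimum data elements from the slide (field names are this example's own).
REQUIRED = ("timestamp", "patient_id", "user_id", "action", "data_accessed")
ACTIONS = {"addition", "deletion", "change", "query", "print", "copy"}
GENESIS = "0" * 64  # previous-hash value used for the first entry


def _digest(fields, prev_hash):
    """SHA-256 over the canonical JSON of the entry fields plus the previous hash."""
    payload = json.dumps({"fields": fields, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(log, **fields):
    """Validate an event and append it, linked to the entry before it."""
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError(f"missing required audit fields: {missing}")
    if fields["action"] not in ACTIONS:
        raise ValueError(f"unknown action type: {fields['action']!r}")
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"fields": fields, "prev": prev_hash, "hash": _digest(fields, prev_hash)}
    log.append(entry)
    return entry


def verify(log):
    """Return the index of the first entry that fails the chain check, or None."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash or entry["hash"] != _digest(entry["fields"], prev_hash):
            return i
        prev_hash = entry["hash"]
    return None


def build_sample_log():
    """Constructed sample events; all identifiers are made up for the example."""
    log = []
    append_entry(log, timestamp="2014-04-10T09:15:02Z", patient_id="P-0001",
                 user_id="nurse_a", action="query", data_accessed="medication list")
    append_entry(log, timestamp="2014-04-10T09:17:40Z", patient_id="P-0001",
                 user_id="dr_b", action="change", data_accessed="allergy record",
                 before="none recorded", after="penicillin")
    append_entry(log, timestamp="2014-04-10T09:30:11Z", patient_id="P-0002",
                 user_id="clerk_c", action="print", data_accessed="discharge summary")
    return log
```

Removing entries from the end of the log leaves a shorter chain that still verifies, so the most recent hash has to be kept somewhere the log's writers cannot change.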
13
Audit Trail Results
Results can:
- Reinforce the CIA model (Confidentiality, Integrity, and Availability)
- Prove compliance
- Change policy
- Look for gaps/risks
- Learning for analysis
- Provide an “independent” analysis
14
What is an AUDIT Policy?
It provides a framework for:
- Tracking ________
- Providing ________
15
Metadata
- Given our exposure to records management plans, we are familiar with metadata.
- Metadata is structured or semi-structured information that documents the creation, management and use of records through time and across domains.
- Recordkeeping metadata can identify, authenticate and contextualize records and the people, processes and systems that create, manage and use them.
17
Metadata
- Automatic extraction of metadata
- Metadata from other software applications
- Option for manual entry
- Who defined “authorized personnel”
- What are the “criteria for access”
18
Audit Trails
Audit trails track ________ by recording:
- user requests for services
- services rendered
- frequency of requests for specific service
- data viewed by user
- data changed by user
Audit trail is a mechanism for complete ________ of every action taken against the database.
19
Audit Trails
Audit trail answers the ‘________’ concerning data access
- On the user side: Who initiated a transaction from what terminal and when?
- On the transaction side: What was the exact transaction that was initiated?
- On the data side: What was the result of the transaction? What were the database states before and after the transaction?
20
Audit Focus
Check the following CONTROLS:
- Disaster recovery, Record Management Plan
- Third party contracts
- Logical/Physical security
- Business controls
- Org. chart
- Training manuals
21
Audits looking for …
Check for:
- Processes and training
- Control mechanisms
- Security/Privacy
- Traceability
- Documentation
- Exceptions handling
- Regular testing schedule
22
Audit Tools
A number of open-source utility tools as well as commercial scanners are available that can provide further insight into an organization’s vulnerabilities.
- Tenable Network Security: Nessus
- Nmap
- Crack
23
Take Five with Continuous Network Monitoring
24
Report 10: Part 1 (Due April 12)
- Read the article “Balancing Good Intentions: Protecting the Privacy of Electronic Health Information” by McClanahan K.
- Full citation information: McClanahan, K. (2008). Balancing good intentions: Protecting the privacy of electronic health information, Bulletin of Science Technology Society, 28(1), (You should locate the article by yourself.)
- Review the 7 recommendations suggested by the author.
- Briefly explain the 7 recommendations (1 or 2 sentences in your own words) and provide your thoughts on how we provide privacy while still ensuring access (1 page).
25
Report 10: Part 2 (Due April 17)
Review the Guide to Privacy and Security of Health Information, by the Office of the National Coordinator (ONC) for Health Information Technology. Based on your learning through the course and the guide – 1) Who is the entity that patients should trust to keep their personal health information: the physician, the hospital, the RHIO/HIE, the individual consumer, the insurance company, the government, or a combination of them? 2) Why should that entity or entities be trusted (i.e., do they have complete data?)? (1 page) Who should patients trust the most? and why? (1/2 page).