Designation: E2147-18

Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems¹

This standard is issued under the fixed designation E2147; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope

1.1 This specification is for the development and implementation of secure audit data and logs for electronically stored health information. It specifies how to design the audit log to record all activities impacting a medical record, for example, creating a new record, entering data into a record, changing or deleting an existing record, and all additional user access data (for example, identification, location, and date and time) to patient-identifiable information maintained in computer systems. Such audit logs shall track not only data entry and modifications, but also simple access and viewing of the patient record, and whether any modifications are made during that access. This specification also includes principles for developing policies, procedures, and functions of health information logs to document all actions regarding identifiable health information for use in both manually entered (paper record) and computer systems.

1.2 The first purpose of this specification is to define the nature, purpose, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide privacy and security oversight and produce a self-authenticating record that would, when maintained together with its audit logs, speak to and confirm its own integrity and accuracy of the medical and other data within the record. Moreover, in concert with organizational confidentiality and security policies and procedures, permanent audit logs can clearly identify all system application users who accessed and acted on patient identifiable information or both, and identify the location of the user, identify patient information accessed, and maintain a permanent record of actions taken by the user. Accomplishing the purpose of creating a trustworthy record thus requires the use of secure, automatic, computer-generated, time-stamped audit logs, which shall be used to independently record the identity of the user as well as the date, time, and location of user access, and also record all entries and actions that create, change, or delete electronic records or other patient information. Full transparency of modifications or deletions or both is mandatory. For example, record changes shall not obscure previously recorded information. Such audit data and documentation shall be retained for a period at least as long as that required for the subject paper and electronic records (together, "records"), including any time period required by evidence preservation or litigation hold requirements and applicable state or applicable federal laws pertaining to the subject records. In no event shall the audit data or medical records in hard copy or electronic format be destroyed in advance of that date prescribed by state, federal or other law or regulation, when such records may be legally destroyed; and in any case, not before ten years or, in the case of a minor child, before two years after that child's eighteenth birthday. If such records are for any reason maintained beyond this minimum requirement, then the audit logs, and the data contained therein, must be maintained as long as the records are maintained. Audit logs and healthcare information shall be provided when specifically requested by authorized healthcare providers; the patient, his personal representative, advocate, and/or designee; researchers; quality control personnel; and organizational managers or administrators or both; and other persons authorized to have access to patient records or patient-identifiable information or both in any form.

1.3 In the absence of computerized logs, audit log principles can be implemented manually in the paper patient record environment with respect to permanently monitoring paper patient record access, data entry, and data modification. Where the paper patient record and the computer-based patient record coexist in parallel, security oversight and access and data management shall address both environments with the underlying and unifying principle being transparency regarding the identity of the individual accessing or acting upon data in the record or both; the location of the individual when doing so; the time and date of such actions/entries; and clear visibility of modifications such as addenda, deletions, error corrections, and late entries.

1.4 The second purpose of this specification is to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it. Security management of health information

¹ This specification is under the jurisdiction of ASTM Committee E31 on