Difference between revisions of "Audit trails"
From Clinfowiki
| Line 1: | Line 1: | ||
'''Audit Trails''' are logs that include the date and time of access, the information or record accessed, and the user ID under which [[Access control|access]] occurred. | '''Audit Trails''' are logs that include the date and time of access, the information or record accessed, and the user ID under which [[Access control|access]] occurred. | ||
| − | Organizations should maintain in retrievable and usable form audit trails that log all accesses to clinical information. | + | Organizations should maintain in retrievable and usable form audit trails that log all accesses to clinical information. <ref name="protect">Protecting Electronic Health Information (1997) http://www.nap.edu/catalog.php?record_id=5595</ref> |
Organizations that provide health care to their own employees should enable employees to conduct audits of accesses to their own health records. Organizations should establish procedures for reviewing audit logs to detect inappropriate accesses. We should provide procedures for and a record of “random” sampling of the audit logs. | Organizations that provide health care to their own employees should enable employees to conduct audits of accesses to their own health records. Organizations should establish procedures for reviewing audit logs to detect inappropriate accesses. We should provide procedures for and a record of “random” sampling of the audit logs. | ||
== References == | == References == | ||
| + | <references/> | ||
| − | + | [[Category: Definition]] | |
Revision as of 06:12, 11 October 2014
Audit Trails are logs that include the date and time of access, the information or record accessed, and the user ID under which access occurred.
Organizations should maintain in retrievable and usable form audit trails that log all accesses to clinical information. [1]
Organizations that provide health care to their own employees should enable employees to conduct audits of accesses to their own health records. Organizations should establish procedures for reviewing audit logs to detect inappropriate accesses. We should provide procedures for and a record of “random” sampling of the audit logs.
References
- ↑ Protecting Electronic Health Information (1997) http://www.nap.edu/catalog.php?record_id=5595
