Difference between revisions of "Audit trails"
From Clinfowiki
m (Audit Trails moved to Audit trails) |
|||
| Line 1: | Line 1: | ||
Audit Trails: Organizations should maintain in retrievable and usable form audit | Audit Trails: Organizations should maintain in retrievable and usable form audit | ||
| − | trails that log all accesses to clinical information. The logs should include the date | + | trails that log all [[Access control|accesses]] to clinical information. The logs should include the date and time of access, the information or record accessed, and the user ID under which access occurred. |
| − | and time of access, the information or record accessed, and the user ID under which | + | |
| − | access occurred. Organizations that provide health care to their own employees | + | Organizations that provide health care to their own employees |
should enable employees to conduct audits of accesses to their own health records. | should enable employees to conduct audits of accesses to their own health records. | ||
Organizations should establish procedures for reviewing audit logs to detect inappropriate | Organizations should establish procedures for reviewing audit logs to detect inappropriate | ||
accesses. We should provide procedures for and a record of “random” sampling of the audit logs. | accesses. We should provide procedures for and a record of “random” sampling of the audit logs. | ||
| − | References | + | == References == |
| − | http://www.nap.edu/catalog/5595.html | + | # http://www.nap.edu/catalog/5595.html |
Revision as of 13:42, 14 October 2011
Audit Trails: Organizations should maintain in retrievable and usable form audit trails that log all accesses to clinical information. The logs should include the date and time of access, the information or record accessed, and the user ID under which access occurred.
Organizations that provide health care to their own employees should enable employees to conduct audits of accesses to their own health records. Organizations should establish procedures for reviewing audit logs to detect inappropriate accesses. We should provide procedures for and a record of “random” sampling of the audit logs.
