ASTM E2147-18
(Specification) Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
ABSTRACT
This specification describes the security requirements involved in the development and implementation of audit and disclosure logs used in health information systems. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems, and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of confidential health care information to external users for use in manual and computer systems. This specification provides for two main purposes, namely: to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight; and to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it.
SIGNIFICANCE AND USE
4.1 Data that document health services in health care organizations are business records and shall be archived to a secondary but retrievable medium, and readily accessible, such as data that would be archived in a server or cloud storage. Audit data shall be retained for as long as the medical record is maintained, and may not be destroyed before the medical record may legally be destroyed, and in any event, for at least 10 years or for two years after the legal age of majority, unless a longer period of record retention is prescribed by state, federal or other law or regulation.
4.2 The purpose of audit data and disclosure logs is to document and maintain a permanent, trustworthy, and immutable record of all authorized and unauthorized activities of any nature whatsoever and disclosure of confidential health information {except exclusions per federal and state law [21 CFR 11 Subpart B(e)]}. This further facilitates the purpose that patients, healthcare providers, organizations, and others can obtain a verifiable, self-authenticating record documenting all activities with respect to that record. The process of information disclosure and auditing shall also conform, where relevant, with the Privacy Act of 1974 (3).
4.3 Audit reports designed for system access provide a precise capability for healthcare providers, organizations, patients, patient representatives, and advocates to see who has accessed and/or manipulated patient information. Because of the significant risk of medical information manipulation in computing environments by authorized and unauthorized users, the audit report is an important management tool to monitor access and any such manipulation retrospectively. In addition, the access and disclosure logs become powerful support documents for disciplinary and legal actions. Moreover, audit reports are essential components to comprehensive security programs in healthcare and vital for the privacy rights of the individual. A patient has a right to ...
SCOPE
1.1 This specification is for the development and implementation of secure audit data and logs for electronically stored health information. It specifies how to design the audit log to record all activities impacting a medical record, for example, creating a new record, entering data into a record, changing or deleting an existing record, and all additional user access data (for example, identification, location, and date and time) to patient-identifiable information maintained in computer systems. Such audit logs shall track not only data entry and modifications, but also simple access and viewing of the patient record, and whether any modifications are made during that access. This specification also includes principles for developing policies, procedures, and functions of health information logs to document all actions regarding identifiable health information for use in both manually entered (paper record) and computer systems.
1.2 The first purpose of this specification is to defin...
Standards Content (Sample)
This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.
Designation: E2147 − 18
Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
This standard is issued under the fixed designation E2147; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.
1. Scope
1.1 This specification is for the development and implementation of secure audit data and logs for electronically stored health information. It specifies how to design the audit log to record all activities impacting a medical record, for example, creating a new record, entering data into a record, changing or deleting an existing record, and all additional user access data (for example, identification, location, and date and time) to patient-identifiable information maintained in computer systems. Such audit logs shall track not only data entry and modifications, but also simple access and viewing of the patient record, and whether any modifications are made during that access. This specification also includes principles for developing policies, procedures, and functions of health information logs to document all actions regarding identifiable health information for use in both manually entered (paper record) and computer systems.
1.2 The first purpose of this specification is to define the nature, purpose, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide privacy and security oversight and produce a self-authenticating record that would, when maintained together with its audit logs, speak to and confirm its own integrity and accuracy of the medical and other data within the record. Moreover, in concert with organizational confidentiality and security policies and procedures, permanent audit logs can clearly identify all system application users who accessed and acted on patient identifiable information or both, and identify the location of the user, identify patient information accessed, and maintain a permanent record of actions taken by the user. Accomplishing the purpose of creating a trustworthy record thus requires the use of secure, automatic, computer-generated, time-stamped audit logs, which shall be used to independently record the identity of the user as well as the date, time, and location of user access, and also record entries and actions that create, change, or delete electronic records or other patient information. Full transparency of modifications or deletions or both is mandatory. For example, record changes shall not obscure previously recorded information. Such audit data and documentation shall be retained for a period at least as long as that required for the subject paper and electronic records (together, “records”), including any time period required by evidence preservation or litigation hold requirements and applicable state or applicable federal laws pertaining to the subject records. In no event shall the audit data or medical records in hard copy or electronic format be destroyed in advance of that date prescribed by state, federal or other law or regulation, when such records may be legally destroyed; and in any case, not before ten years or, in the case of a minor child, before two years after that child’s eighteenth birthday. If such records are for any reason maintained beyond this minimum requirement, then the audit logs, and the data contained therein, must be maintained as long as the records are maintained. Audit logs and healthcare information shall be provided when specifically requested by authorized healthcare providers; the patient, his personal representative, advocate, and/or designee; researchers; quality control personnel; and organizational managers or administrators or both; and other persons authorized to have access to patient records or patient-identifiable information or both in any form.
1.3 In the absence of computerized logs, audit log principles can be implemented manually in the paper patient record environment with respect to permanently monitoring paper patient record access, data entry, and data modification. Where the paper patient record and the computer-based patient record coexist in parallel, security oversight and access and data management shall address both environments with the underlying and unifying principle being transparency regarding the identity of the individual accessing or acting upon data in the record or both; the location of the individual when doing so;
...