- Security Audit Logs -- contain log of security relevant events that have happened. These logs are used to prove that the security controls are working properly and to evaluate if the organizations security and privacy policies are being upheld. The use of these audit logs are limited to the privacy/security office. I outline in Accountability using ATNA Audit Controls how to get Privacy Audit Reports from a Security Audit Log.
- Medical Records Audit Logs -- contain log of clinically relevant events that have happened. Are used to prove that a clinical event has happened. Examples include that a drug that was ordered was administered by a specific nurse at a specific time. These audit logs need to be visible to the clinical users and are used in clinical decision support and reporting.
- Error/Event Audit Logs -- contain log of errors or events that have happened. Often these are debugging logs or diagnostic (software or hardware) logs that are used by service personnel during the installation, configuration, or servicing of the system/equipment
How much Patient Identifiable Data is allowed in Security Audit Logs?
- Patient Identifiable Data is the binding of healthcare data with identifiers of the patient. In the USA this is referred to as Protected Health Information (PHI).
- Audit logs, especially security logs, generally need many identifiers. These identifiers will give accurate sorting, filtering, and reporting.
- The Audit Reporting system can always use lookup services (IHE PWP, PDQ, XDS, or other) to convert identifiers into displayable names, or to find aliases that should also be used in the searching.
- Audit logs, especially security logs, generally do NOT need healthcare data. They need to identify the data, which is done using unique identifiers assigned to the data where possible.
Here is an abstract description of an ATNA audit event, one event:
- User ID (e.g. 212008131, NOT the user's personal name: "John Moehrke")
- Patient ID (e.g. pa123456, NOT the patient's personal name)
- Data ID (DICOM SOP Instance, CDA Document OID, XDS UUID)
- Description of what (Viewed, Created, Updated, Printed, Exported, etc)
- Success/Failure of the operation
Where are Security Audit Logs stored?
- IHE - Privacy and Security Profiles - Audit Trail and Node Authentication
- Accountability using ATNA Audit Controls
- ATNA and Accounting of Disclosures
- ATNA audit log recording of Query transactions
- How granular does an EHR Security Audit Log need to be?
- Document Submission: Audit requirements under error conditions
- ATNA + SYSLOG is good enough
- NIST SP800-92 Guide to Computer Security Log Management