tag:blogger.com,1999:blog-4201874739367831894.post372893795552699788..comments2024-03-28T01:46:02.526-05:00Comments on Healthcare Exchange Standards: Patient Data in the Audit LogJohn Moehrkehttp://www.blogger.com/profile/04526719420117446030noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4201874739367831894.post-46643817209783140292013-01-24T21:05:20.582-06:002013-01-24T21:05:20.582-06:00This is not in conflict at all. The ASTM standard ...This is not in conflict at all. The ASTM standard is indicating that a 'pointer' be included in the audit log. This is exactly what I recommend. <br /><br />You are correct that a report generating tool would need to access various services to dereference these pointers so that proper searching and filtering can be done, and so that the report can be readable and accurate. However these dereferencing done by the audit log reporting system must also be properly authorized, and properly recorded in the audit log. Thus only with proper authorization can someone dereference these pointers into recognizable information. And when this dereferencing for the purposes of audit log reporting is done, it also creates more audit log entries. In this way, there is a way to watch the watchers.John Moehrkehttps://www.blogger.com/profile/04526719420117446030noreply@blogger.comtag:blogger.com,1999:blog-4201874739367831894.post-36796227241921096582013-01-24T17:09:54.793-06:002013-01-24T17:09:54.793-06:00John, thanks for interesting post.
2014 ONC certif...John, thanks for interesting post.<br />2014 ONC certification criteria refers to ASTM audit log standard to be used for 170.314(d)(2)<br />One of the requirement from Sec 7.6 is to log modify and delete events with a pointer to original data. <br />In this case any report generation tool would be able to pull this info and this info may contain PHI. <br /><br />Wouldn't it be a violation?<br /><br />Regards<br />sammohk.sammohhttps://www.blogger.com/profile/05271005865895820573noreply@blogger.com