Comments on Healthcare Exchange Standards: ATNA auditing of CCOW context changes
Feed author: John Moehrke (http://www.blogger.com/profile/04526719420117446030)
Updated: 2024-03-28T01:46:02.526-05:00

Thomas Lukasik (https://twitter.com/Sparkenstein), 2012-06-25T11:41:27.304-05:00:

I'd say that my point was that logging (for the purposes of auditing) context switches alone would be a reliable way to detect a pattern of "bad behavior" on the part of a user.

Whether or not that's a concern of any particular standard, I'll defer to you on.

John Moehrke (https://www.blogger.com/profile/04526719420117446030), 2012-06-25T11:21:28.135-05:00:

Fantastic analysis. I don't disagree that the context switch is important. What I am asking is if the context switch alone should be auditable. Given, as you point out, that the applications will do their own audit log of the data they show, thus a more descriptive audit is likely to happen at the application level.

Thomas Lukasik (https://twitter.com/Sparkenstein), 2012-06-25T11:17:44.370-05:00:

John

In my experience, the default view following a context switch is almost always enough to make it very clear to the user which patient that they've "switched to", and so can be expected to include information that is likely to need protection.

Also, a context switch in itself strongly indicates that the user is "looking at" the contextual patient data, regardless of whether it is clinical, demographic, or whatever the specific application shows by default on the screen.

So if a user is rapidly context switching between "Britney Spears", "Mitt Romney" and "Joe Namath" (say to collect address, phone number, or birth date information), then logging those context switches alone may be useful in exposing a data breach.

That might be taken into consideration when deciding if a context switch is "interesting" from a security perspective.