Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
5.7 AuditOne of the measures to ensure accountability is an audit trail. In previous consultations, it was widely agreed that an audit function is essential to ensure confidence by both individuals and healthcare providers.
The PCEHR System will provide an audit service to record all activity on the National eHealth infrastructure services and PCEHR-conformant repositories.
The audit service will identify who has accessed the services, what they accessed, when they accessed it and what authorisation they obtained in order to access it.
The audit log will record the following information:
- The PCEHR which was accessed (including IHI, name, sex and date of birth).
- The Date and Time that access was obtained (UTC Time).
- The user’s name.
- The user’s role (e.g. ‘self’, ‘authorised representative’, ‘nominated representative, ‘system operator’, HPI-O role, etc.).
- The system they used to access the PCEHR (e.g. consumer portal, conformant portal, provider portal, CSP, clinical system, etc.).
- In the case of access by a healthcare organisation, the HPI-O for the participating organisation and the HPI-O accessing organisation (where the HPI-O is different from the participating organisation’s HPI-O).
- Whether the PCEHR was accessed using the Individual’s Provider Access Consent Code (PACC), a Transferrable Access Key (TAK), by override (emergency or forgotten PACC) obtained by the healthcare provider, representative using the consumer portal, etc.
- Details of what was accessed, including information about the action (e.g. create, read, update, delete) and the item accessed (clinical documents, view, personal data, etc.).
The audit trails will be accessible by both individuals and providers. Based on who is accessing the audit trail, the view will differ as follows:
- Individuals (and their representatives) will only be able to see the audit trail relating to their PCEHR and individuals they represent. Individuals (and their representatives) will not be able to able to see the names of authorised users (only their role). If the individual wishes to know who accessed the information, they will need to formally request this information from the PCEHR System operator.
- Healthcare providers will only be able to see their own activity in the audit trail via the provider portal.
- The OMO will be able to see any activity relating to their organisation via the B2B Gateway.
- The CSP and CPP will be able to see any activity relating to their service via the B2B Gateway.
If the nominated representative or healthcare provider does not have access to ‘limited access’ information (see section 5.5.3), then any audit trail entries related to limited access information will not be visible.
The information in the audit trail will be utilised in two ways:
- Real time audit rules, based on regularly updated common patterns of misuse, will constantly monitor index usage and notify appropriate parties of a potential breach.
- Any user who is authorised to access an individual’s records, including individuals, authorised representatives and healthcare providers, will be able to request a summary of the audit trail to ensure that access was appropriate.
If it is suspected that the information has been used inappropriately, it will be escalated to the appropriate body for investigation.
Information within the audit trail will be retained in accordance with the retention policies described in Section 4.2.4.
Top of page