Skip to main content
Proceedings of the AMIA Symposium logoLink to Proceedings of the AMIA Symposium
. 1999:663–665.

Effective audit trails--a taxonomy for determination of information requirements.

P V Asaro 1, R L Herting Jr 1, A C Roth 1, M R Barnes 1
PMCID: PMC2232638  PMID: 10566442

Abstract

Current methods of detecting confidentiality breaches in electronic medical record systems are inadequate, partially due to the lack of necessary information at the point of audit trail analysis. In order to determine the information requirements for effective audit trail analysis, we have formulated a taxonomy of confidentiality breaches. By considering scenarios in which an inappropriate access might occur, we have identified "indicators" of confidentiality breaches, which may be thought of as evidence suggesting the possibility that a confidentiality breach has occurred. The collection of facts needed to describe the indicators provides insight into the types of information needed to improve confidentiality breach detection. Much of the information needed is unlikely to be available in the patient record. Research is needed exploring means of collecting and utilizing information from sources other than the patient record for use in improving patient information security.

Full text

PDF
663

Selected References

These references are in PubMed. This may not be the complete list of references from this article.

  1. Bowen J. W., Klimczak J. C., Ruiz M., Barnes M. Design of access control methods for protecting the confidentiality of patient information in networked systems. Proc AMIA Annu Fall Symp. 1997:46–50. [PMC free article] [PubMed] [Google Scholar]
  2. Hayam A. Security Audit Center--a suggested model for effective audit strategies in health care informatics. Int J Biomed Comput. 1994 Feb;35 (Suppl):115–127. [PubMed] [Google Scholar]
  3. Roger France F. H. Control and use of health information: a doctor's perspective. Int J Biomed Comput. 1996 Oct;43(1-2):19–25. doi: 10.1016/s0020-7101(96)01222-6. [DOI] [PubMed] [Google Scholar]
  4. Safran C., Rind D., Citroen M., Bakker A. R., Slack W. V., Bleich H. L. Protection of confidentiality in the computer-based patient record. MD Comput. 1995 May-Jun;12(3):187–192. [PubMed] [Google Scholar]

Articles from Proceedings of the AMIA Symposium are provided here courtesy of American Medical Informatics Association

RESOURCES