ASTM E2147-01(2013)
Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems

Standard No.

ASTM E2147-01(2013)

Release Date

2001

Published By

American Society for Testing and Materials (ASTM)

Status

Be replaced

Replace By

ASTM E2147-18

Latest

ASTM E2147-18

Scope

4.1 Data that document health services in health care organizations are business records and must be archived to a secondary but retrievable medium. Audit logs should be retained, at a minimum, according to the statute governing medical records in the geographic area.

4.2 The purpose of audit access and disclosure logs is to document and maintain a permanent record of all authorized and unauthorized access to and disclosure of confidential health care information in order that health care providers, organizations, and patients and others can retrieve evidence of that access to meet multiple needs. Examples are clinical, organizational, risk management, and patient rights' needs.

4.3 Audit logs designed for system access provide a precise capability for organizations to see who has accessed patient information. Due to the significant risk in computing environments by authorized and unauthorized users, the audit log is an important management tool to monitor, access retrospectively. In addition, the access and disclosure log becomes a powerful support document for disciplinary action. Audit logs are essential components to comprehensive security programs in health care.

4.4 Organizations are accountable for managing the disclosure of health information in a way that meets legal, regulatory, accreditation and licensing requirements and growing patient expectations for accountable privacy practices. Basic audit trail procedures should be applied, manually if necessary, in paper patient record systems to the extent feasible. Security in health information systems is an essential component to making progress in building and linking patient information. Successful implementation of large scale systems, the use of networks to transmit data, growing technical capability to address security issues and concerns about the confidentiality, and security provisions of patient information drive the focus on this topic. (See Guide E1384.)

4.5 Consumer fears about confidentiality of health information and legal initiatives underscore disclosure practices. Patients and health care providers want assurance that their information is protected. Technology exists to incorporate audit functions in health information systems. Advances in security audit expert systems can be applied to the health care industry. Emerging off-the-shelf products will be able to use audit logs to enable the detection of inappropriate use of health information. Institutions are accountable for implementing comprehensive confidentiality and security programs that combine social elements, management, and technology.

1.1 This specification is for the development and implementation of security audit/disclosure logs for health information. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of health information to external users for use in manual and computer systems. The process of information disclosure and auditing should conform, where relevant, with the Privacy Act of 1974 (1).²<......

ASTM E2147-01(2013) Referenced Document

• ASTM E1384 Standard Guide for Content and Structure of the Electronic Health Record (EHR)
• ASTM E1633 Standard Specification for Coded Values Used in the Electronic Health Record*， 2024-04-20 Update
• ASTM E1762 Standard Guide for Electronic Authentication of Health Care Information
• ASTM E1869 Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records
• ASTM E1902 Standard Guide for Management of the Confidentiality and Security of Dictation, Transcription, and Transcribed Health Records
• ASTM E1986 Standard Guide for Information Access Privileges to Health Information

ASTM E2147-01(2013) history

• 2018 ASTM E2147-18 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
• 2001 ASTM E2147-01(2013) Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
• 2009 ASTM E2147-01(2009) Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
• 2001 ASTM E2147-01 Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems