Joe may be on to something here. You can trigger a filter on Get Entry and this works for the client, Crystal, MS Access, etc (client type = 6 does work to limit it to just ARODBC but in the below example it should always fire). There was a thread "Question: Disable ODBC" on 11/5/06 regarding Client-Type= 6 and ARODBC access. The problem here is that is not specific to a field(s), just the record as a whole.
But what if you store all of the Permissioned data as separate records related to the parent in a second form and used a table field to view them from the parent. If you are familiar with version 6 of Asset it is like the "Additional Data" functionality. Then have a filter fire on Get Entry from the Permissioned form and create audit records for each PHI record that was accessed. This same filter would also fire when accessed by the ARODBC driver from Crystal. This only covers the ARS side of things so you will need to makes sure that the DB has sufficient protection as well. Jason _____ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Joe DeSouza Sent: Monday, January 22, 2007 12:01 PM To: [email protected] Subject: Re: Logging if someone accessed form data from Crystal Reports If crystal is the only external app using the AR System ODBC driver, maybe you could try to log an attempt to perform a search, when the CLIENT-TYPE is the AR ODBC driver.. I think the value for that is 6... I haven't tried it but it must might be possible to write a piece of workflow when the AR ODBC driver performs a search on the AR System database... Give that a shot... Joe D'Souza Remedy Developer / Consultant, BearingPoint, Virginia. ----- Original Message ---- From: patrick zandi <[EMAIL PROTECTED]> To: [email protected] Sent: Monday, January 22, 2007 2:47:44 PM Subject: Re: Logging if someone accessed form data from Crystal Reports ** Ron, I would say this is outside the Realm of ARS, as the DB connection is the issue.. Now maybe BMC will add this feature in the future for tracking all data accessed with from DB level or ARS, but I do know know of anything like this yet. I would recommend checking your DB.. Oracle has Auditing Functionality, Also there are records for Listener connections, yet that does not tell you what tables.. so this is an Auditing withing the DB... Now once that is (DB Auditing) is running .. I am sure Remedy will access the Table records as its own.. for checking purposes just fine... Crystal is using ARODBC or ODBC -- or a Data Base Connection.. Help this get's you on the Correct Track.. Have a Great day. On 1/22/07, Smith, Ron <[EMAIL PROTECTED]> wrote: ** We have the need to place electronic patient health information into our Helpdesk application into permissioned off fields. In this day and age, Data Security in the Healthcare field is at DEFCON 5, I know from personal experience at Providence. We are about to implement workflow to log when a User accesses the Permissioned data on a form, i.e.. could have looked at a diary and attachment field. We know what to do inside the ARS environment to log this, but the question came up about a User going through Crystal Reports. Is there are way to identify a User could have viewed the Permissioned data through Crystal and then fire workflow that we could then update a Audit form like we do with workflow. Or is this data available else where that we could at least view and store for future auditing purposes. Thanks, Ron Smith Web/Remedy System Developer Providence Health System [EMAIL PROTECTED] 503-216-7866 DISCLAIMER: This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. __20060125_______________________This posting was submitted with HTML in it___ -- Patrick Zandi __20060125_______________________This posting was submitted with HTML in it___ _____ 8:00? 8:25? 8:40? Find a flick in no time with theYahoo! Search movie showtime shortcut. __20060125_______________________This posting was submitted with HTML in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
