Pat, you are correct, this is a HIPAA issue.  For the most part we only
allow access through the ARODBC.  But you did bring up another issue
that we haven't addressed yet: we do have another connection or two that
need to be looked at that also have a direct DB connection.  I will be
bringing that up to our management.
 

Ron Smith 
Web/Remedy System Developer 
Providence Health System 
[EMAIL PROTECTED] 
503-216-7866 

 

________________________________

From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED]] On Behalf Of patrick zandi
Sent: Monday, January 22, 2007 12:08 PM
To: [email protected]
Subject: Re: Logging if someone accessed form data from Crystal Reports


Joe,
But that does not prevent someone connecting through the ODBC connectors
outside ARS and pulling the data.
I could use the DB to gain access to ARS data, and you would not know it...
This is the HIPAA issue.
Auditing on the DB is a must.
(you might need an Admin position added - just to keep up with it, but
it is the secure approach)

 
On 1/22/07, Joe DeSouza <[EMAIL PROTECTED]> wrote: 

        If Crystal is the only external app using the AR System ODBC
        driver, maybe you could try to log an attempt to perform a search, when
        the CLIENT-TYPE is the AR ODBC driver.. I think the value for that is
        6... I haven't tried it but it just might be possible to write a piece
        of workflow when the AR ODBC driver performs a search on the AR System
        database...
         
        Give that a shot...
         
        Joe D'Souza
        Remedy Developer / Consultant,
        BearingPoint,
        Virginia.


        ----- Original Message ----
        From: patrick zandi <[EMAIL PROTECTED]>
        To: [email protected]
        Sent: Monday, January 22, 2007 2:47:44 PM
        Subject: Re: Logging if someone accessed form data from Crystal Reports
        
        Ron,
        I would say this is outside the realm of ARS, as the DB
        connection is the issue..
        Now maybe BMC will add this feature in the future for tracking
        all data accessed from the DB level or ARS, but I do not know of
        anything like this yet.

        I would recommend checking your DB.. Oracle has auditing
        functionality. Also there are records for Listener connections, yet that
        does not tell you what tables.. so this is auditing within the DB...

        Now once that (DB Auditing) is running.. I am sure Remedy
        will access the table records as its own.. for checking purposes just
        fine...

        Crystal is using ARODBC or ODBC -- or a database connection..

        Hope this gets you on the correct track..

        Have a great day.
        
         
        On 1/22/07, Smith, Ron <[EMAIL PROTECTED] > wrote: 

                We have the need to place electronic patient health
                information into our Helpdesk application into permissioned off fields.
                In this day and age, Data Security in the Healthcare field is at DEFCON
                5, I know from personal experience at Providence.  We are about to
                implement workflow to log when a User accesses the Permissioned data on
                a form, i.e. could have looked at a diary and attachment field.  We
                know what to do inside the ARS environment to log this, but the question
                came up about a User going through Crystal Reports.  Is there a way to
                identify that a User could have viewed the Permissioned data through Crystal
                and then fire workflow so that we could update an Audit form like we do
                with workflow?  Or is this data available elsewhere that we could at
                least view and store for future auditing purposes?
                 
                Thanks,

                Ron Smith 
                Web/Remedy System Developer 
                Providence Health System 
                [EMAIL PROTECTED] 
                503-216-7866 

                 

                

                DISCLAIMER:
                This message is intended for the sole use of the
addressee, and may contain information that is privileged, confidential
and exempt from disclosure under applicable law. If you are not the
addressee you are hereby notified that you may not use, copy, disclose,
or distribute to anyone the message or any information contained in the
message. If you have received this message in error, please immediately
advise the sender by reply email and delete this message. 





        -- 
        Patrick Zandi

         





-- 
Patrick Zandi



_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"
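
Added example, not part of the original thread: one way to review a database audit trail for reads of the permissioned tables that did not come from the AR System server, which is the gap discussed above. It assumes rows exported as CSV with column names as in Oracle's DBA_AUDIT_TRAIL view; the table names, accounts and hosts are hypothetical placeholders.

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like an export of Oracle's DBA_AUDIT_TRAIL view.
# Table names (T0123, ...), accounts and hosts are hypothetical placeholders.
SAMPLE_AUDIT_CSV = """\
TIMESTAMP,USERNAME,OS_USERNAME,USERHOST,OBJ_NAME,ACTION_NAME
2007-01-22 09:01:10,ARADMIN,arsystem,arserver01,T0123,SELECT
2007-01-22 09:14:55,ARADMIN,jdoe,WKSTN-0457,T0123,SELECT
2007-01-22 09:15:30,ARADMIN,jdoe,WKSTN-0457,T0456,SELECT
2007-01-22 09:20:02,REPORT_RO,crystal_svc,rptserver02,T0123,SELECT
2007-01-22 09:31:40,ARADMIN,arsystem,arserver01,T0456,UPDATE
2007-01-22 10:05:13,REPORT_RO,crystal_svc,rptserver02,T0999,SELECT
"""

# Assumption: tables backing the forms that hold the permissioned fields.
PROTECTED_TABLES = {"T0123", "T0456"}
# Assumption: the only (DB account, host) pair the AR System server uses.
TRUSTED_ORIGINS = {("ARADMIN", "ARSERVER01")}


def find_direct_access(audit_csv, protected=PROTECTED_TABLES, trusted=TRUSTED_ORIGINS):
    """Return audit rows that touched a protected table from outside the AR server."""
    findings = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        if row["OBJ_NAME"].strip().upper() not in protected:
            continue
        # The account alone is not enough: the same DB login can be used
        # from a workstation, so the originating host is checked as well.
        origin = (row["USERNAME"].strip().upper(), row["USERHOST"].strip().upper())
        if origin not in trusted:
            findings.append(row)
    return findings


def summarize(findings):
    """Count hits per (DB account, OS user, host) for follow-up."""
    return Counter((r["USERNAME"], r["OS_USERNAME"], r["USERHOST"]) for r in findings)


if __name__ == "__main__":
    for who, hits in summarize(find_direct_access(SAMPLE_AUDIT_CSV)).items():
        print(who, hits)
```

Access made through the AR System server shows up under the server's own origin, so per-user logging for that path still has to come from workflow inside ARS.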
