Bill,
there are two kinds of audit trails in openEHR - the audit trail of a change to a transaction or other artifact (eg. access control group) - see the COmmon RM for the semantics; and audit trails of access. openEHR has not yet defined these, and I don't know if it should - I suspect they will differ everywhere. I expect that it has to be defined by an archetyped structure, so that basic semantics can be stated, and the normal archetype mechanism used as for everything else. I cannot comment on HIPAA compliance at this stage - not enough time to study it in detail. - thomas Bill Walton wrote: >Hi Thomas, > >Thomas Beale wrote: > > >>Bill Walton wrote: >> >> >>>>>BW: Further, it looks like the EHR access history should include >>>>> >>>>> >>>reads as well as writes. That way, the trail would lead to the >>>providers that have, with permission, made copies of the EHR within >>>their own systems. >>> >>> >>> >>>>SH: True - it will only be able to be stored as an HTML rendition >>>> >>>> >>>unless there is an extract in openEHR - but you are right - this could >>>be saved - this is difficult to police. >>> >>>Oops! I'd assumed there would be extracts in openEHR. HIPAA >>>specifies, under the Transaction Rules that go into effect in October >>>of this year, a number of EDI transactions between systems that would >>>require this. HTML will not be sufficient. >>> >>> >>Can anyone clarify this bit of the debate - I have lost track of what is >>being said here! >> >> > >I was inquiring about the audit trail capabilities intended to be >incorporated in v1.0 of openEHR and Sam was very graciously trying to >enlighten me. His commment re: HTML made me expand the question to >extracts. I'm not sure I was sufficiently clear about my line of >questioning, and comments by others make me wonder whether or not I should >take this off-line. I am specifically trying to ascertain the applicability >of openEHR to the emerging requirements here in the U.S. and do not wish to >infringe on the group's bandwidth if there is a less intrusive way to handle >my questions. Please let me know how you'd like me to proceed. And thank >you all for your patience to date. > >Best regards, >Bill > > > > > -- .............................................................. Deep Thought Informatics Pty Ltd mailto:thomasXXX at YYYdeepthoughtZZZ.WWWcom.AAAau (remove all caps) openEHR - http://www.openEHR.org Archetypes - http://www.deepthought.com.au/it/archetypes.html Community Informatics - http://www.deepthought.com.au/ci/rii/Output/mainTOC.html .............................................................. - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
