After discussion with Dr Dipak Kalra, we felt that the following would 
be of interest:

As part of the EHR developments at UCL we have been looking at 
appropriate ways of auditing user interactions with individual EHRs, as 
part of an overall security approach. For over a year our record server 
has kept an audit trail of each user access to or addition of data to 
any EHR. Through a helpful student project last summer (thanks to Asif 
Ali) we now also have a first prototype client and query service that 
permits an administrator to examine which users have accessed parts of 
an individual patient's record, which records a given user has 
accessed, or the general accesses that have occurred for any given 
archetype, within any date-time period. What we next need to do is to 
extend the client to support richer interrogation, and to examine again 
if we are retaining the most appropriate data items within the audit 
log. A further challenge is for us to explore the level of granularity 
at which to retain the audit information.

The biggest question in Dipak's mind is how best to "audit" the result 
of running a query in which many record components are extracted and 
examined (perhaps by an application) to determine if they fulfil the 
query criteria, but only a few are actually returned to the end user 
initiating the request. The record server might not "know" of the 
filtration taking place, since its interactions would only be with the 
application, and not the end-user.

On consideration of the recent discussion regarding the Harvard 
University experiments to display warning messages on the screens of 
clinicians, we have this facility to log user (whether users are 
clinicians or patients) access to EHRs; a work-in-progress project to 
develop a browser screen to access this data and display it is 
described above - please see:

  http://www.ehr.chime.ucl.ac.uk/docs/Ali,%20Asif%20(MSc%202003).pdf

The data which is persisted and the GUI are keyed to logging user 
access, primarily to ensure that patient episode information and 
treatment recording is exported in a way which promotes efficient 
patient care and clinician support, with the added value that records 
access is logged for scrutiny should it be necessary.

Best wishes,

Nathan
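
The three audit queries described in the message above (by patient record, by user, and by archetype, each within a date-time period), as an added example that is not part of the original message or of the UCL record server's code. The table layout, column names, function names and sample entries are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample entries: (timestamp, actor, ehr_id, archetype, action).
# "query_app" stands for an application that reads records for an end user.
SAMPLE = [
    ("2004-03-01T09:15:00", "dr_a", "ehr-001", "blood_pressure", "read"),
    ("2004-03-01T09:20:00", "dr_a", "ehr-002", "medication", "read"),
    ("2004-03-02T14:05:00", "nurse_b", "ehr-001", "medication", "add"),
    ("2004-03-05T11:30:00", "query_app", "ehr-001", "blood_pressure", "read"),
    ("2004-03-05T11:30:01", "query_app", "ehr-002", "blood_pressure", "read"),
]

def open_log(entries=SAMPLE):
    """Load audit entries into an in-memory SQLite table (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (ts TEXT, actor TEXT, ehr_id TEXT, "
               "archetype TEXT, action TEXT)")
    db.executemany("INSERT INTO audit VALUES (?, ?, ?, ?, ?)", entries)
    return db

def accesses(db, start, end, *, actor=None, ehr_id=None, archetype=None):
    """Audit rows with start <= ts <= end, narrowed by any given filter."""
    sql = ("SELECT ts, actor, ehr_id, archetype, action FROM audit "
           "WHERE ts BETWEEN ? AND ?")
    params = [start, end]
    # Column names come from this fixed tuple; values are bound parameters.
    for col, val in (("actor", actor), ("ehr_id", ehr_id),
                     ("archetype", archetype)):
        if val is not None:
            sql += f" AND {col} = ?"
            params.append(val)
    return db.execute(sql + " ORDER BY ts", params).fetchall()

def users_of_record(db, ehr_id, start, end):
    """Which users touched one patient's record in the period."""
    return sorted({row[1] for row in accesses(db, start, end, ehr_id=ehr_id)})

def records_of_user(db, actor, start, end):
    """Which records one user touched in the period."""
    return sorted({row[2] for row in accesses(db, start, end, actor=actor)})

if __name__ == "__main__":
    db = open_log()
    period = ("2004-03-01T00:00:00", "2004-03-31T23:59:59")
    print(users_of_record(db, "ehr-001", *period))
    print(records_of_user(db, "dr_a", *period))
    print(accesses(db, *period, archetype="blood_pressure"))
```

The `query_app` rows are all a server-side log of this shape can attribute when an application sits between the record server and the end user, which is the filtration question raised in the message.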
