관심표준 등록 : 표준업데이트 시 알림을 받을 수 있습니다.
PDF : 직접 파일 다운로드 및 인쇄 (마이페이지 확인)
PRINT : 인쇄본 우편발송, 2~3일 소요(PDF파일 미제공)
분야 | 14.01 : 보건정보학 |
---|---|
적용범위 | 1.1 This specification is for the development and implementation of security audit/disclosure logs for health information. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of health information to external users for use in manual and computer systems. The process of information disclosure and auditing should conform, where relevant, with the Privacy Act of 1974 (1). 1.2 The first purpose of this specification is to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight. In concert with organizational confidentiality and security policies and procedures, permanent audit logs can clearly identify all system application users who access patient identifiable information, record the nature of the patient information accessed, and maintain a permanent record of actions taken by the user. By providing a precise method for an organization to monitor and review who has accessed patient data, audit logs have the potential for more effective security oversight than traditional paper record environments. This specification will identify functionality needed for audit log management, the data to be recorded, and the use of audit logs as security and management tools by organizational managers. 1.3 In the absence of computerized logs, audit log principles can be implemented manually in the paper patient record environment with respect to permanently monitoring paper patient record access. Where the paper patient record and the computer-based patient record coexist in parallel, security oversight and access management should address both environments. 1.4 The second purpose of this specification is to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it. Security management of health information requires a comprehensive framework that incorporates mandates and criteria for disclosing patient health information found in federal and state laws, rules and regulations and ethical statements of professional conduct. Accountability for such a framework should be established through a set of standard principles that are applicable to all health care settings and health information systems. 1.5 Logs used to audit and oversee health information access and disclosure are the responsibility of each health care organization, data intermediary, data warehouse, clinical data repository, third party payer, agency, organization or corporation that maintains or provides, or has access to individually-identifiable data. Such logs are specified in and support policy on information access monitoring and are tied to disciplinary sanctions that satisfy legal, regulatory, accreditation and institutional mandates. 1.6 Organizations need to prescribe access requirements for aggregate data and to approve query tools that allow auditing capability, or design data repositories that limit inclusion of data that provide potential keys to identifiable data. Inferencing patient identifiable data through analysis of aggregate data that contains limited identifying data elements such as birth date, birth location, and family name, is possible using software that matches data elements across data bases. This allows a consistent approach to linking records into longitudinal cases for research purposes. Audit trails can be designed to work with applications which use these techniques if the query functions are part of a defined retrieval application but often standard query tools are not easily audited. This specification applies to the disclosure or transfer of health information (records) individually or in batches. 1.7 This specification responds to the need for a standard addressing privacy and confidentiality as noted in Public Law 104–191 (2), or the Health Insurance Portability and Accountability Act of 1996 (3). |
국제분류(ICS)코드 | |
페이지수 | 6 |
Edition | 01(2009) |
No. | 표준번호 | 표준명 | 발행일 | 상태 |
---|---|---|---|---|
1 | ASTM E2147-18 | Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems | 2018-05-01 | 표준 |
2 | ASTM E2147-01(2013) | Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems (Withdrawn 2017) | 2013-03-01 | 구판 |
3 | ASTM E2147-01(2009) | Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems | 2009-09-01 | 구판 |
4 | ASTM E2147-01 | Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems | 2001-11-10 | 구판 |
관련상품이 존재하지 않습니다.
함께 구입한 상품이 존재하지 않습니다.
IEC TS 63134:2020 - Active assisted living (AAL) use cases 상세보기
IEC 60034-5:2020 RLV - Rotating electrical machines - Part 5: Degrees of protection provided by the integral design of rotating electrical machines (IP code) - Classification 상세보기
KS B ISO TS 25740-1 - 에스컬레이터 및 무빙워크에 대한 안전요건 — 제1부: 세계공통 필수 안전요건(GESRs) 상세보기
KS B ISO TS 8100-21 - 승객 및 화물 운송용 엘리베이터 —제21부: 세계공통 필수안전요건(GESRs)을 충족하는 세계공통 안전 파라미터(GSPs) 상세보기
KS C IEC TS 62872 - 산업 시설과 스마트 그리드 사이의 산업 공정 측정, 제어 및 자동화 시스템 인터페이스 상세보기