Please click on the link to read the following article:
After reading the article, review the sections on Technical Safeguards, including Access Control and Audit Controls in this module’s reading assignment. The author states that audit controls are “‘hardware, software, and /or procedural mechanisms that record and examine activity in information systems.’ Most information systems provide some level of audit controls and audit reports. These are useful, especially when determining if a security violation occurred” (Gartee, p. 404).
Next, review the information presented in the table. This data was pulled to view a general login and logout pattern in the EHR for hospital staff on the morning listed (01/05/16). These are descriptions of these staff members’ positions.
- Joann Ward is a nurse who works in the general surgery floor.
- Steven Williams is a registration clerk who works in the radiology department.
- Lee Worley is a health information clerk who processes requests for records from other healthcare providers and facilities.
- Mary Smith is a nurse who works in the labor and delivery unit.
Employee Dept Date Log In Pt # Pt Type Log out Patient Name JOANN WARD Surg 1/5/16 8:00 1223 Surg 8:17 Olson, Tom Surg 9:20 5776 Surg 9:24 Stanford, Gary Surg 9:26 3987 Surg 9:45 Johnson, George STEVEN WILLIAMS Radiology 1/5/16 8:05 3463 Radiology 8:08 Finch, Larry Radiology 8:35 5776 Surg 9:02 Stanford, Gary Radiology 9:03 1234 Radiology 9:07 Jones, Joe LEE WORLEY HIM 1/5/16 8:05 5776 Surg 8:15 Stanford, Gary HIM 8:45 9874 L&D 8:55 Ngyen, Mai HIM 9:15 1223 Surg 9:24 Olson, Tom MARY SMITH L&D 1/5/16 8:30 9874 L&D 8:45 Ngyen, Mai L&D 8:45 4858 Psychiatry 9:00 Smith, John L&D 9:00 9977 L&D 9:30 Tupper, Ann L&D 9:30 1124 L&D 10:00 West, Janet Given this information, answer the following questions:
- What can you tell from this audit log about Patient Gary Stanford’s visit?
- What can you tell from this audit log about Mai Ngyen’s visit?
- Do the staff members’ logins seem appropriate?
- Is there anything you would question on this audit log?
Your response to this audit should be a two page document (four-five paragraphs) to provide a complete response to the audit results based on each of the roles.
Expert Solution Preview
Introduction:
The article “Security Audits of Electronic Health Information” discusses the importance of the audit controls in information systems. The author emphasizes that audit controls can help in detecting security violations and protecting the privacy of patients. In this assignment, we will analyze the login and logout pattern of hospital staff in an electronic health record (EHR) system to assess the effectiveness of audit controls.
1. What can you tell from this audit log about Patient Gary Stanford’s visit?
From the audit log, we can determine that Gary Stanford had two visits to the hospital on January 5th, 2016. He first visited the general surgery floor where he was attended by Nurse Joann Ward. Later, he visited the radiology department, where he was attended by clerk Steven Williams. The audit log also shows that Gary Stanford had no appointments in the labor and delivery unit. Overall, the audit log provides a clear timeline of Gary Stanford’s visits to different hospital departments.
2. What can you tell from this audit log about Mai Ngyen’s visit?
The audit log shows that Mai Ngyen visited the hospital on January 5th, 2016, for a delivery in the labor and delivery unit. She was attended by Nurse Mary Smith. The audit log also shows that Mai Ngyen had no other appointments in other hospital departments on that day. The audit log provides a clear timeline of Mai Ngyen’s visit to the hospital.
3. Do the staff members’ logins seem appropriate?
The staff members’ logins seem appropriate as they correspond to their job responsibilities. Nurse Joann Ward, who works in the general surgery floor, attended patients in her department. Clerk Steven Williams, who works in the radiology department, attended patients in his department. Clerk Lee Worley, who processes requests for records from other healthcare providers and facilities, also had appropriate logins. Nurse Mary Smith attended patients in the labor and delivery unit. Therefore, the staff members’ logins correspond to their job duties.
4. Is there anything you would question on this audit log?
From the audit log, there is nothing that raises any concern or question in terms of security and privacy. The audit log provides accurate and relevant information about the staff members’ activities and their corresponding patients. However, it is essential to note that this audit log covers a small sample of one day only, and it is important to review audit logs regularly to identify any anomalies or security breaches that might occur.
Conclusion:
In conclusion, the audit log for the hospital staff in the EHR system provides useful information about the staff members’ activities and their corresponding patients’ activities. The audit log is an essential tool to ensure the security and privacy of patients’ information. Regular reviews of audit logs can help identify any anomalies or security breaches and take appropriate measures to prevent them.