Compliance module logging is designed to answer questions such as:
  • Which users have seen a given patient's data? What data was viewed by each user?
  • Which patients have been seen by a particular user? What data was viewed for each patient?
  • Which roles and PHI levels were declared by each user? Were those declarations appropriate to their job roles & assigned responsibilities?
  • Was all data the user accessed consistent with the user's declarations?

What Gets Logged

Events that are logged by default include:

  • The login event. Available at Admin > Site > Admin Console. Under Management click Audit Log and from the dropdown select User Events.
  • The user assertions on login (their Activity, IRB, and PHI level assersions). Available at Admin > Site > Admin Console. Under Management click Audit Log. On the dropdown, select Compliance Activity Events.
  • The terms of use agreed to. Available at Admin > Site > Admin Console. Under Management click Audit Log. On the dropdown, select Compliance Activity Events.

Other logging behavior must be is customized for each client's regulatory requirements. Possible logging events include:

  • The ParticipantIds and columns accessed, including the PHI columns.
  • The SQL query used to access data.

Related Topics

Discussion

previousnext
 
expand all collapse all