Compliance module logging is designed to answer questions broader than those that can be answered using the main audit log, such as:
- Which users have seen a given patient's data? What data was viewed by each user?
- Which patients have been seen by a particular user? What data was viewed for each patient?
- Which roles and PHI levels were declared by each user? Were those declarations appropriate to their job roles & assigned responsibilities?
- Was all data the user accessed consistent with the user's declarations?
To configure Compliance Logging, use the (Admin) > Folder > Management > Compliance tab.
What Gets Logged
The default behavior is to log only those queries that access PHI columns.
To open the Audit Log:
- Select (Admin) > Site > Admin Console.
- Under Management click Audit Log.
- The following compliance-related views are available on the dropdown:
  - Compliance Activity Events - Shows the Terms of Use, IRB, and PHI level declared by users on login.
  - Logged query events - Shows the SQL query that was run against the data.
  - Logged select query events - Lists specific columns and identified data relating to explicitly logged queries, such as a list of participant IDs that were accessed, as well as the set of PHI-marked columns that were accessed.
  - Site Settings events - Logs compliance-related configuration changes to a given folder, that is, changes made on a folder's Compliance tab.
  - User events - Records login and impersonation events.
To change the logging behavior of a folder, see Compliance: Configure PHI Data Handling.
Filter Behavior
When using compliance logging, you cannot filter by values in a column containing PHI. When you open the filter selector, you will see Choose Filters and can use a filtering expression. If you switch to the Choose Values tab you will see a warning:
PIVOT Queries and Compliance Logging
Note that PIVOT queries cannot be used with compliance logging of query access. Logging is based on PHI access being checked by row linked to a participant. Because PIVOT queries aggregate data from multiple rows, and thus multiple participants, this access cannot be accurately logged. A pivot query run in a folder with the Compliance module running will raise an error like:
Saved with parse errors: ; Pivot query unauthorized.