We're doing a Security Risk Analysis on our system and a few questions have come up wondering if we keep track of who looks at a certain patient's chart. I was wondering if anyone knew if Centricity keeps track of who all has looked at a patient's chart. I can somewhat track who makes clinical list changes, but as far as just looking over their information, I can't find anything. Other than making every chart sensitive, I can't really tell who is looking at what charts.
We haven't had any issues yet with people looking up PHI without reason, but it would be nice to have proof if it does happen.
Yep it does. There is a chart access report under the report/inquires section. Look under the medicalogic folder then Audit reports.
There are several there that will show that information.
Ah, I see. So, there is an audit_event for it. The Medical Logic reports didn't allow me to search by patient, so I'll try and build a report that can do it by patient instead of by the user.
Thanks Ernie!
I use this to look at in sql managerment console. Maybe it will help
This one is for access mainly
select * from PatientInfoLog where PatientProfileId = 171127 and Created > '2012-11-08 12:00:00'
This will show information on what was entered
select distinct(dc.contbid)as 'id',dc.CONTB_TIME,dc.DATA_DESC,dc.OLD_VAL,dc.NEW_VAL,dc.USERNAME,ae.EVENT_TIMESTAMP,ae.EVENT_ID from AUDIT_EVENT ae left outer join AUDIT_EVENT_DETAIL aed on ae.EVENT_ID = aed.EVENT_ID left outer join AUDIT_EVENT_TYPE aet on ae.EVENT_TYPE_ID = aet.EVENT_TYPE_ID left outer join DOCCONTB dc on ae.SDID = dc.SDID left outer join patientprofile pp on ae.pid = pp.pid where pp.patientprofileid = 73091 and ae.EVENT_TIMESTAMP >= '2012-02-22 00:00:00' and not(dc.CONTBID is null) order by ae.EVENT_TIMESTAMP,dc.CONTBID
Those queries didn't have "Access a normal chart" logs in them. I just went into Audit Event and scrapped this together, but it will give you everyone that has just opened the chart and looked at it in CPS. You can look further into the details and get information like if they went to the medications tab, started a new document, added a medication, etc. You'll need to edit the query some to get that information, though.
SELECT ae.EVENT_TIMESTAMP, aet.EVENT_TYPE_DESCRIPTION, u.FIRSTNAME, u.LASTNAME, ap.LOGINNAME, aed.EVENT_NOTE, ae.OUTCOME, vpi.last, dc.NEW_VAL, ap.OS_MACHINE_NAME FROM vRptAuditEvent vr JOIN AUDIT_EVENT ae ON ae.EVENT_ID = vr.event_id JOIN AUDIT_PROFILE ap ON ae.PROFILE_ID = ap.PROFILE_ID LEFT JOIN USR u ON u.LOGINNAME = ap.LOGINNAME LEFT JOIN AUDIT_EVENT_DETAIL aed ON ae.EVENT_ID = aed.EVENT_ID LEFT JOIN AUDIT_EVENT_TYPE aet ON aet.EVENT_TYPE_ID = ae.EVENT_TYPE_ID LEFT JOIN DOCCONTB dc ON ae.EVENT_ID = dc.EVENT_ID LEFT JOIN vPatientProfile vpi ON ae.PID = vpi.pid WHERE vpi.patientid = '61963' --vpi.first = 'test' AND vpi.last = 'testerman' AND aet.EVENT_TYPE_DESCRIPTION = 'Access a normal chart' ORDER BY vr.event_timestamp DESC
Thanks for pointing me in the right direction, Ernie.