The Audit Tool
For those in a privacy officer role, SHIIP offers an audit tool that can be used to track a variety of activity, threats, and information. Each report is exportable into a .csv (usable in Microsoft Excel) format.
The User Login Summary Report
The User Login Summary provides users with a list of all user sessions. This includes the following information:
- Login date & time
- Logout date & time
- User’s last name
- User’s first name
- Organization
- IP Address
- # of pages viewed
- Request date/time of each page visited
- Page name for each page visited
- Page description for each page visited
Users with access to the audit tool may search for sessions attached to a specific user and/or organization.
The User/Patient Activity Report
The User/Patient Activity report provides users with a list of pages visited. Included with this is the following information:
- Date & time of request
- User’s last name
- User’s first name
- Organization
- Page name
- Patient’s name (if applicable)
- Patient’s primary care provider (if applicable)
- Patient’s health card number (if applicable)
- User/patient association (if applicable)
- Consent override was active (if applicable)
- Patient had a consent directive (if applicable)
- # of requests while visiting the page
- Date & time of request
- Action name
- Action description
- Data returned
Users with access to the audit tool may search for user/patient activity attached to a specific user and/or organization. An additional filter on this report allows users to see:
- Only patient profile interactions
- Only interactions where the patient was associated with the user’s organization
- Only interactions where the patient was not associated with the user’s organization
- Only interactions where the user and patient were seemingly related (same last name)
The Privacy Training Report
SHIIP allows privacy officers to see a breakdown of their organization’s privacy training status. This includes a list containing all users and their privacy training information. A full list of the included details are below:
- User’s first and last name
- The organization’s name
- The date of the user’s last privacy training
- The date that the user’s privacy training expires (include a count of days)
- The date of the user’s last accepted End User Agreeement.
The Suspected Breach Report
SHIIP dynamically tracks potential threats to both user accounts and personal health information. If you are a privacy officer and would like more specific information on each threat type, please contact us. The breach report that is accessible to any privacy officer displays the following information:
- Date / Time of suspected breach
- User’s first and last name
- The organization’s name
- The breach type
- The breach type’s definition
- The details of the breach (i.e. John Smith accessed 52 patient profiles on January 1st, 2020)
