Auditing

The Audit Tool

For those in a privacy officer role, SHIIP offers an audit tool that can be used to track user sessions. Every user action is logged and reviewable in two reports; the User Login Summary, and User/Patient Activity.

The User Login Summary Report

The User Login Summary provides users with a list of all user sessions. Included with this is the following information:

  • Login date & time
  • Logout date & time
  • User’s last name
  • User’s first name
  • Organization
  • IP Address
  • # of pages viewed
    • Request date/time of each page visited
    • Page name for each page visited
    • Page description for each page visited

Users with access to the audit tool may search for sessions attached to a specific user and/or organization.

 

The User/Patient Activity Report

The User/Patient Activity report provides users with a list of pages visited. Included with this is the following information:

  • Date & time of request
  • User’s last name
  • User’s first name
  • Organization
  • Page name
  • Patient’s name (if applicable)
  • Patient’s primary care provider (if applicable)
  • Patient’s health card number (if applicable)
  • User/patient association (if applicable)
  • Consent override was active (if applicable)
  • Patient had a consent directive (if applicable)
  • # of requests while visiting the page
    • Date & time of request
    • Action name
    • Action description
    • Data returned

Users with access to the audit tool may search for user/patient activity attached to a specific user and/or organization. An additional filter on this report allows users to see:

  • Only patient profile interactions
  • Only interactions where the patient was associated with the user’s organization
  • Only interactions where the patient was not associated with the user’s organization
  • Only interactions where the user and patient were seemingly related (same last name)