Affiliation:
1. North Carolina State University, USA
Abstract
Inadequate audit mechanisms may result in undetected misuse of data in software-intensive systems. In the healthcare domain, electronic health record (EHR) systems should log the creating, reading, updating, or deleting of privacy-critical protected health information. The objective of this paper is to assess electronic health record audit mechanisms to determine the current degree of auditing for non-repudiation and to assess whether general audit guidelines adequately address non-repudiation. The authors analyzed the audit mechanisms of two open source EHR systems, OpenEMR and Tolven eCHR, and one proprietary EHR system. The authors base the qualitative assessment on a set of 16 general auditable events and 58 black-box test cases for specific auditable events. The authors find that OpenEMR satisfies 62.5% of the general criteria and passes 63.8% of the black-box test cases. Tolven eCHR and the proprietary EHR system each satisfy less than 19% of the general criteria and pass less than 11% of the black-box test cases.
Subject
Microbiology (medical),Immunology,Immunology and Allergy
Reference18 articles.
1. Böck, B., Huemer, D., & Tjoa, A. M. (2010). Towards more trustable log files for digital forensics by means of 'trusted computing.' In Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications, Perth, Australia (pp. 1020-1027).
2. Certified, C. C. H. I. T. (2011). Ambulatory EHR. Retrieved from https://www.cchit.org/cchit-certified
3. Logging in the Age of Web Services
4. An overview of computer forensics
5. EHR Incentives & Certifications. (2011) Meaningful use definition & objectives. Retrieved April 9, 2012, from http://www.healthit.gov/providers-professionals/meaningful-use-definition-objectives
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献