26 Trial Lawyer • Summer 2023 record. The audit log shows who accessed a patient's record, when they accessed it, and what computer terminal they were using when they accessed it. Each time a patient's EMR is opened, the audit trail records the event. Audit data cannot be erased, and all events related to the access of a patient's EMR are permanently documented in the audit log. Providers cannot hide anything they do, or don't do, with the medical record. No one can escape the audit trail. The audit log shows the actions taken by the user in the record, including creation of new data, queries, views, revisions and deletions. The audit data can show the pop-ups and alerts that appeared to the user, the overrides the user performed and the best practices advisories that were displayed. It can also show functions the user performed, such as copy, print, copy and paste, and other actions performed on data. There is audit trail data for every electronic device that interfaces with or transmits data to the EHR system. This includes the PACS system, which stores and transmits radiology images, the PYXIS system, which dispenses and tracks medications, EKG machines, fetal heart monitors, blood pressure monitors, pitocin pumps and infusion devices. The EMR software can generate a report showing the life of an order — who created it, who reviewed it and when they reviewed it. Same for a lab test. For a physician’s progress note, the system can generate a specific report showing all versions of the note, including all deletions, revisions, additions, the time of those changes, who made the changes, and who looked at the note at any time. If you want to investigate whether the physician was overworked, the EMR software can generate an audit log tracking everything that physician did in the EMR of all patients for a particular time period. No one can escape Hospitals are required by federal law to use electronic medical record software that generates an audit log. The purpose of audit data and audit logs is to document and maintain a permanent, trustworthy and immutable record of all authorized and unauthorized activities of any nature and track who had access to a patient’s confidential health information. Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to improve “the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.” In response to HIPAA, the Department of Health and Human Services published the “right of access rule,” providing that “an individual has a right of access to inspect and obtain a copy of protected health information about the Audit Trail Continued from p 25
RkJQdWJsaXNoZXIy MTY1NDIzOQ==