标准摘要
[中文适用范围]: 本文件在审计触发事件和审计数据方面指定了电子健康记录(EHR)审计跟踪的通用框架,以保持整套个人健康信息在信息系统和领域中的可审计性。 它适用于处理个人健康信息的系统,每次用户通过系统读取、创建、更新或存档个人健康信息时,都会创建安全审核记录。 注:此类审核记录至少能够唯一地识别用户、唯一地识别护理对象、识别用户执行的功能(记录创建、读取、更新等),并记录执行该功能的日期和时间。 。 本文档仅涵盖在 EHR 上执行的操作,这些操作受电子健康记录所在域的访问策略的约束。 除了标识符之外,它不处理电子健康记录中的任何个人健康信息,审计记录仅包含管理访问策略定义的 EHR 部分的链接。 它不涵盖用于系统管理和系统安全目的的审核日志的规范和使用,例如检测性能问题、应用程序缺陷或支持数据重建,这些由通用计算机安全标准(例如 ISO)处理/ IEC 15408(所有部分)[9]。 附件 A 给出了审计场景的示例。 附录 B 概述了审核日志服务。 [外文原描述]: This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains. It is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system. NOTE Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, read, update, etc.), and record the date and time at which the function was performed. This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy. It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408 (all parts) [9] . Annex A gives examples of audit scenarios. Annex B gives an overview of audit log services.
英文名称Health informatics — Audit trails for electronic health records