Monday, January 25, 2016

How often do you check your audit trails?

Connectathon day 1 in Cleveland: 539 tests verified, amazing… 

Nice view from the Cleveland conference center to Rock and Roll Hall of Fame

I am testing ATNA (Audit Trail and Node Authentication), the profile dealing with audit trails, among others at the USA Connectathon event in Cleveland.

Especially with healthcare being the next target for hackers and source of identity theft, having a central audit trail repository that stores the events in a standard manner makes a lot of sense. Unfortunately, a lot of PACS and EMR systems use a semi-proprietary protocol and data format to store these events, which makes it hard for a system administrator and/or security and privacy officer to mine all of these logs on a regular basis. 

Having a central repository and requiring all systems to use the well-defined standard by IHE would make life a lot easier. It is not that hard to support: the ATNA profile defines a standard set of events to be reported as defined by DICOM, and having all systems use the same format would make the reporting easy.

How often would you check an audit trail? There is no hard rule, but based on my informal poll with the administrators I get in our training classes, a weekly random check for a couple of accesses seems to be the norm. These checks would be documented so that if there is an audit, there is proof that someone would actively monitor these events.
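The weekly random check described above can be scripted once every system reports in the same format. The following is an added example, not code from IHE or from any product: the message layout is a simplified form of the DICOM PS3.15 audit message used by ATNA, and the user names, source IDs, patient IDs and function names are constructed for illustration.

```python
import random
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# DCM event codes that represent record access (DICOM PS3.15 audit vocabulary).
ACCESS_CODES = {"110103": "DICOM Instances Accessed", "110110": "Patient Record"}

# Simplified audit message; real ATNA messages carry more elements and attributes.
TEMPLATE = (
    '<AuditMessage><EventIdentification EventActionCode="R" EventDateTime="{ts}" '
    'EventOutcomeIndicator="0"><EventID csd-code="{code}" codeSystemName="DCM"/>'
    '</EventIdentification><ActiveParticipant UserID="{user}" UserIsRequestor="true"/>'
    '<AuditSourceIdentification AuditSourceID="{source}"/>'
    '<ParticipantObjectIdentification ParticipantObjectID="{patient}"/></AuditMessage>')

def make(ts, code, user, source, patient):  # helper that builds constructed samples
    return TEMPLATE.format(ts=ts, code=code, user=user, source=source, patient=patient)

SAMPLE_REPOSITORY = [  # constructed data standing in for the central repository
    make("2016-01-19T09:12:00+00:00", "110103", "dr.adams", "PACS-1", "PAT-001"),
    make("2016-01-20T14:03:00+00:00", "110110", "nurse.lee", "EMR-1", "PAT-002"),
    make("2016-01-21T22:47:00+00:00", "110103", "tech.ruiz", "PACS-2", "PAT-003"),
    make("2016-01-22T08:00:00+00:00", "110114", "dr.adams", "EMR-1", "PAT-001"),  # login
    make("2016-01-04T10:30:00+00:00", "110103", "dr.adams", "PACS-1", "PAT-004"),  # too old
]

def parse_event(xml_text):
    # Messages from untrusted senders should go through a hardened XML parser.
    root = ET.fromstring(xml_text)
    ident = root.find("EventIdentification")
    return {
        "time": datetime.fromisoformat(ident.get("EventDateTime")),
        "code": ident.find("EventID").get("csd-code"),
        "user": root.find("ActiveParticipant").get("UserID"),
        "source": root.find("AuditSourceIdentification").get("AuditSourceID"),
        "patient": root.find("ParticipantObjectIdentification").get("ParticipantObjectID"),
    }

def weekly_sample(messages, now, k=2, seed=None):
    """Pick up to k random access events from the 7 days before `now`."""
    start = now - timedelta(days=7)
    recent = [e for e in map(parse_event, messages)
              if e["code"] in ACCESS_CODES and start <= e["time"] <= now]
    return random.Random(seed).sample(recent, min(k, len(recent)))

def review_record(sample, reviewer, now):
    """Lines to file as proof that the check was performed."""
    return [f"{now:%Y-%m-%d} reviewer={reviewer} source={e['source']} user={e['user']} "
            f"patient={e['patient']} event={ACCESS_CODES[e['code']]} at {e['time']:%Y-%m-%d %H:%M}"
            for e in sample]
```

Because the PACS and EMR entries share one format, the same filter and sampling cover both; the lines from `review_record` are what would be kept as documentation of the check.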

If you would like more information about this profile, visit www.ihenet and look for the ITI domain. I strongly suggest that you require ATNA support for any new healthcare IT system you are specifying and/or purchasing; it would make the life of your administrators and security officers much easier than having to deal with disparate logs in many different formats.