Connectathon day 1 in Cleveland: 539 tests verified, amazing…
 |
| Nice view from the Cleveland conference center to Rock and Roll Hall of Fame |
I am testing ATNA (Audit Trail and Node Authentication) among others at the USA connectathon event in Cleveland, which is
the profile dealing with audit trails.
Especially with healthcare being the
next target for hackers and source of identity theft, having a central audit
trail repository that stores the events in a standard manner makes a lot of
sense. Unfortunately, a lot of PACS and EMR systems use a semi-proprietary
protocol and data format to store these events, which makes it hard for a
system administrator and/or security and privacy officer to mine all of these
logs on a regular basis.
Having a central repository and requiring all systems
to use the well-defined standard by IHE would make life a lot easier. It is not
that hard to support: the ATNA profile defines a standard set of events to be
reported as defined by DICOM and having all systems using the same format would
make the reporting easy.
How often would you check an audit trail? There is no hard
rule, but based on my informal poll with the administrators I get in our training
classes, a weekly random check for a couple of accesses seems to be the norm.
These checks would be documented so that if there is an audit, there is proof
that someone would actively monitor these events.
If you like more information about this profile, visit www.ihenet and look for the ITI domain. I strongly
suggest that you require ATNA support for any new healthcare IT system you are
specifying and/or purchasing, it would make the life of your administrators and
security officers much easier than having to deal with disparate logs in many
different formats.
