<status value="active"/> <date value="2025-12-19T08:44:27+00:00"/> <publisher value="HL7 International / Electronic Health Records"/> <contact> <telecom> <system value="url"/> <value value="http://www.hl7.org/Special/committees/ehr"/> </telecom> </contact> <description value="Notify of Audit Events, Review Audit Log"/> <jurisdiction> <coding> <system value="urn:iso:std:iso:3166"/> <code value="US"/> </coding> </jurisdiction> <purpose value="EHR system functions allow various methods of critical event notification (from audit triggers) as well as routine log review. Audit log notification and review functions implement requirements according to scope of practice, organizational policy, and jurisdictional law."/> <derivedFrom value="http://hl7.org/ehrs/uv/ehrsfmr2/Requirements/EHRSFMR2-TI.2.3"/> <statement> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-change-info"> <valueCode value="NC"/> </extension> <key value="DHFPR2-TI.2.3-01"/> <label value="TI.2.3#01"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="The system SHALL provide the ability to render a report based on audit log entries."/> <derivedFrom value="TI.2.3#1"/> </statement> <statement> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-change-info"> <valueCode value="NC"/> </extension> <key value="DHFPR2-TI.2.3-02"/> <label value="TI.2.3#02"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="The system SHALL provide the ability to render reports based on ranges of system date and time that audit log entries were captured."/> <derivedFrom value="TI.2.3#2"/> </statement> <statement> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent"> <valueBoolean value="false"/> </extension> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-change-info"> <valueCode value="NC"/> </extension> <key value="DHFPR2-TI.2.3-03"/> <label value="TI.2.3#03"/> <conformance value="SHOULD"/> <conditionality value="false"/> <requirement value="The system SHOULD provide the ability to render audit log entry time stamps using UTC (based on ISO 8601)."/> <derivedFrom value="TI.2.3#3"/> </statement> <statement> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent"> <valueBoolean value="true"/> </extension> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-change-info"> <valueCode value="NC"/> </extension> <key value="DHFPR2-TI.2.3-04"/> <label value="TI.2.3#04"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="The system SHALL provide the ability to authorize emergency access to certain logs based on criteria such as individual work assignment, specific user role, specific reason(s), or a need to access a specific patient's information/record entries according to organizational policy and/or jurisdictional law."/> <derivedFrom value="TI.2.3#4"/> </statement> </Requirements>

Description I:

EHR system functions allow various methods of critical event notification (from audit triggers) as well as routine log review.

Audit log notification and review functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.

Criteria N:

TI.2.3#01

SHALL

The system SHALL provide the ability to render a report based on audit log entries.

TI.2.3#02

SHALL

The system SHALL provide the ability to render reports based on ranges of system date and time that audit log entries were captured.

TI.2.3#03

SHOULD

The system SHOULD provide the ability to render audit log entry time stamps using UTC (based on ISO 8601).

TI.2.3#04

SHALL dependent

The system SHALL provide the ability to authorize emergency access to certain logs based on criteria such as individual work assignment, specific user role, specific reason(s), or a need to access a specific patient's information/record entries according to organizational policy and/or jurisdictional law.