<status value="active"/> <date value="2025-12-19T08:44:27+00:00"/> <publisher value="HL7 International / Electronic Health Records"/> <contact> <telecom> <system value="url"/> <value value="http://www.hl7.org/Special/committees/ehr"/> </telecom> </contact> <description value="Audit Key Record, Security, System and Clinical Events"/> <jurisdiction> <coding> <system value="urn:iso:std:iso:3166"/> <code value="US"/> </coding> </jurisdiction> <purpose value="EHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations. Event details, including key metadata (who, what, when, where), are captured in an Audit Log. Audit Review functions allow various methods of critical event notification as well as routine log review. Audit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law."/> <derivedFrom value="http://hl7.org/ehrs/uv/ehrsfmr2/Requirements/EHRSFMR2-TI.2"/> <statement> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent"> <valueBoolean value="true"/> </extension> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-change-info"> <valueCode value="NC"/> </extension> <key value="DHFPR2-TI.2-01"/> <label value="TI.2#01"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="The system SHALL conform to function [TI.1.3](Requirements-DHFPR2-TI.1.3.html) (Entity Access Control) to limit access to, or modification of, audit record information to appropriate entities according to scope of practice, organizational policy, and/or jurisdictional law."/> <derivedFrom value="TI.2#1"/> </statement> <statement> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-dependent"> <valueBoolean value="true"/> </extension> <extension url="http://hl7.org/ehrs/uv/ehrsfmr2/StructureDefinition/requirements-change-info"> <valueCode value="NC"/> </extension> <key value="DHFPR2-TI.2-02"/> <label value="TI.2#02"/> <conformance value="SHALL"/> <conditionality value="false"/> <requirement value="The system SHALL conform to function [TI.1.3](Requirements-DHFPR2-TI.1.3.html) (Entity Access Control) to limit access to audit record information for purposes of deletion according to scope of practice, organizational policy, and/or jurisdictional law (e.g., limit access to only allow a specific system administrator to delete audit record information)."/> <derivedFrom value="TI.2#2"/> </statement> </Requirements>

Description I:

EHR Systems have built in audit triggers to capture key events in real-time, including events related to record management, security, system operations or performance or clinical situations.

Event details, including key metadata (who, what, when, where), are captured in an Audit Log.

Audit Review functions allow various methods of critical event notification as well as routine log review.

Audit functions implement requirements according to scope of practice, organizational policy, and jurisdictional law.

Criteria N:

TI.2#01

SHALL dependent

The system SHALL conform to function TI.1.3 (Entity Access Control) to limit access to, or modification of, audit record information to appropriate entities according to scope of practice, organizational policy, and/or jurisdictional law.

TI.2#02

SHALL dependent

The system SHALL conform to function TI.1.3 (Entity Access Control) to limit access to audit record information for purposes of deletion according to scope of practice, organizational policy, and/or jurisdictional law (e.g., limit access to only allow a specific system administrator to delete audit record information).