HL7 Personal Health Record System Functional Model, Release 2
2.0.1-ballot - Normative Ballot

HL7 Personal Health Record System Functional Model, Release 2, published by EHR WG. This guide is not an authorized publication; it is the continuous build for version 2.0.1-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/phrsfm-ig/ and changes regularly. See the Directory of published versions

Requirements: TI.2.2 Audit Log Management (Function)

Page standards status: Informative
Statement N:

Manage Audit Log

Description I:

Audit Triggers create Audit Log entries. Audit Log entries are typically managed as persistent evidence of events occurring over time, including events pertaining to record management, security, system operations and performance, key clinical situations.

Audit log entries capture event details, including key metadata (who, what, when, where).Audit log functions fulfill log maintenance and persistence requirements according to scope of practice, organizational policy, and jurisdictional law.

Criteria N:
TI.2.2#01 dependent SHALL

The system SHALL provide the ability to capture audit log entries using a standards-based audit record format according to scope of practice, organizational policy, and/or jurisdictional law (e.g., IETF RFC 3881 'Internet Engineering Task Force, Request For Comment, Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications').

TI.2.2#02 SHOULD

The system SHOULD provide the ability to annotate or tag previously recorded audit log entries.

TI.2.2#03 SHOULD

The system SHOULD provide the ability to store audit log entry metadata (including related metadata). NOTE: Audit log entry metadata and related metadata ought to be stored in a secure fashion.

TI.2.2#04 SHALL

The system SHALL provide the ability to log access to audit log entries, and/or metadata.