The system SHALL audit each occurrence when Record Entry content is viewed/accessed.

The system SHALL capture identity of the organization where Record Entry content is viewed/accessed.

The system SHALL capture identity of the patient who is subject of the viewed/accessed Record Entry content.

The system SHALL capture identity of the user who viewed/accessed Record Entry content.

The system SHALL capture identity of the system application in which Record Entry content is viewed/accessed.

The system SHALL capture the type of Record Event trigger (i.e., view/access).

The system SHALL capture the date and time Record Entry content is viewed/accessed.

The system SHOULD capture identity of the location (i.e., network address) where Record Entry content is viewed/accessed.

The system MAY capture the rationale for viewing/accessing Record Entry content (e.g., emergency access).

The system SHALL capture the data, document or other identifier for the viewed/accessed Record Entry content.

The system MAY capture whether the data/document viewed/accessed is a primary source record (e.g., patient's record) or an aggregated report (e.g., summary report including multiple patients).

The system SHALL capture when a Record Entry content view/access occurrence is known to be a disclosure, according to scope of practice, organizational policy, and/or jurisdictional law.

The system SHOULD capture known and applicable permissions regarding Record Entry content viewed/accessed including confidentiality codes, patient consent authorizations, privacy policy pointers.