The system SHALL audit each occurrence when an output (e.g., report, screen shot) is generated from Record Entry content.

The system SHALL capture identity of the organization where output/report is generated from Record Entry content.

The system SHALL capture identity of the patient who is subject of the Record Entry(ies) populating the output/report generated.

The system SHALL capture identity of the user who generated the output/report of Record Entry content.

The system SHALL capture identity of the system application from which the output/report is generated.

The system SHALL capture the type of Record Event trigger (i.e., output/report).

The system SHALL capture the date and time the output/report is generated.

The system SHOULD capture identity of the location (i.e., network address) where the output/report is generated.

The system MAY capture the rationale for generating the output/report.

The system MAY capture the data, document, or other identifier for the output/report generated.

The system SHALL capture when a Record Entry content output/report occurrence is known to be a disclosure, according to scope of practice, organizational policy, and/or jurisdictional law.

The system SHOULD capture known and applicable permissions regarding Record Entry content output/reported including confidentiality codes, patient consent authorizations, privacy policy pointers.