The system SHALL audit each occurrence when Record Entry content is disclosed according to scope of practice, organizational policy, and/or jurisdictional law.

The system SHALL capture identity of the organization from which Record Entry content is disclosed.

The system SHALL capture identity of the patient who is subject of Record Entry content disclosed.

The system SHALL capture identity of the user initiating disclosure of Record Entry content.

The system SHALL capture identity of the system application from which Record Entry content is disclosed.

The system SHALL capture the type of Record Event trigger (i.e., disclose).

The system SHALL capture the date and time Record Entry content is disclosed.

The system SHOULD capture identity of the location (i.e., network address) where Record Entry content is disclosed.

The system SHOULD capture the rationale for disclosing Record Entry content.

The system MAY capture the data, document or other identifier for Record Entry content disclosed.

The system SHALL capture that this is an occurrence when Record Entry content is known to be disclosed, according to scope of practice, organizational policy, and/or jurisdictional law.

The system SHOULD capture known and applicable permissions regarding Record Entry content disclosed including confidentiality codes, patient consent authorizations, privacy policy pointers.