ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
2.1.0 - local International flag

Publish Box goes here

: TI.2.2 Audit Log Management (Function) - XML Representation

Active as of 2024-11-26

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="EHRSFMR2.1-TI.2.2"/>
  <meta>
    <profile value="http://hl7.org/ehrs/StructureDefinition/FMFunction"/>
  </meta>
  <text>
    <status value="extensions"/>
    <div xmlns="http://www.w3.org/1999/xhtml">
    <span id="description"><b>Statement <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b> <div><p>Manage Audit Log</p>
</div></span>

    
    <span id="purpose"><b>Description <a href="https://hl7.org/fhir/versions.html#std-process" title="Informative Content" class="informative-flag">I</a>:</b> <div><p>Audit Triggers create Audit Log entries. Audit Log entries are typically managed as persistent evidence of events occurring over time, including events pertaining to record management, security, system operations and performance, key clinical situations.</p>
<p>Audit log entries capture event details, including key metadata (who, what, when, where).Audit log functions fulfill log maintenance and persistence requirements according to scope of practice, organizational policy, and jurisdictional law.</p>
</div></span>
    

    

    
    <span id="requirements"><b>Criteria <a href="https://hl7.org/fhir/versions.html#std-process" title="Normative Content" class="normative-flag">N</a>:</b></span>
    
    <table id="statements" class="grid dict">
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.2#01</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL provide the ability to capture audit log entries using a standards-based audit record format according to scope of practice, organizational policy, and/or jurisdictional law (e.g., IETF RFC 3881 &quot;Internet Engineering Task Force, Request For Comment, Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications&quot;).</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.2#02</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHOULD</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHOULD provide the ability to annotate or tag previously recorded audit log entries.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.2#03</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHOULD</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHOULD provide the ability to store audit log entry metadata (including related metadata). NOTE: Audit log entry metadata and related metadata ought to be stored in a secure fashion.</p>
</div></span>
                
                
            </td>
        </tr>
        
        <tr>
            <td style="padding-left: 4px;">
                
                <span>TI.2.2#04</span>
                
            </td>
            <td style="padding-left: 4px;">
                
                
                
                <span>SHALL</span>
                
            </td>
            <td style="padding-left: 4px;" class="requirement">
                
                <span><div><p>The system SHALL provide the ability to log access to audit log entries, and/or metadata.</p>
</div></span>
                
                
            </td>
        </tr>
        
    </table>
</div>
  </text>
  <url value="http://hl7.org/ehrs/Requirements/EHRSFMR2.1-TI.2.2"/>
  <version value="2.1.0"/>
  <name value="TI_2_2_Audit_Log_Management"/>
  <title value="TI.2.2 Audit Log Management (Function)"/>
  <status value="active"/>
  <date value="2024-11-26T16:30:50+00:00"/>
  <publisher value="EHR WG"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="http://www.hl7.org/Special/committees/ehr"/>
    </telecom>
  </contact>
  <description value="Manage Audit Log"/>
  <jurisdiction>
    <coding>
      <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
      <code value="001"/>
      <display value="World"/>
    </coding>
  </jurisdiction>
  <purpose
           value="Audit Triggers create Audit Log entries. Audit Log entries are typically managed as persistent evidence of events occurring over time, including events pertaining to record management, security, system operations and performance, key clinical situations.

Audit log entries capture event details, including key metadata (who, what, when, where).Audit log functions fulfill log maintenance and persistence requirements according to scope of practice, organizational policy, and jurisdictional law."/>
  <statement>
    <extension
               url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="EHRSFMR2.1-TI.2.2-01"/>
    <label value="TI.2.2#01"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL provide the ability to capture audit log entries using a standards-based audit record format according to scope of practice, organizational policy, and/or jurisdictional law (e.g., IETF RFC 3881 &quot;Internet Engineering Task Force, Request For Comment, Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications&quot;)."/>
    <derivedFrom value="EHR-S_FM_R1.1 IN.2.2#25"/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="EHRSFMR2.1-TI.2.2-02"/>
    <label value="TI.2.2#02"/>
    <conformance value="SHOULD"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHOULD provide the ability to annotate or tag previously recorded audit log entries."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="EHRSFMR2.1-TI.2.2-03"/>
    <label value="TI.2.2#03"/>
    <conformance value="SHOULD"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHOULD provide the ability to store audit log entry metadata (including related metadata). NOTE: Audit log entry metadata and related metadata ought to be stored in a secure fashion."/>
  </statement>
  <statement>
    <extension
               url="http://hl7.org/ehrs/StructureDefinition/requirements-dependent">
      <valueBoolean value="false"/>
    </extension>
    <key value="EHRSFMR2.1-TI.2.2-04"/>
    <label value="TI.2.2#04"/>
    <conformance value="SHALL"/>
    <conditionality value="false"/>
    <requirement
                 value="The system SHALL provide the ability to log access to audit log entries, and/or metadata."/>
  </statement>
</Requirements>