Modifying Without a Trace: High-level Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 89: | Line 89: | ||
== 4. Assessment Methodology == | == 4. Assessment Methodology == | ||
Section 4.1 describes our high-level user-based non-repudiation assessment criteria for EHR audit mechanisms, based on non-specific auditable events (such as “view data” and “create data”). Section 4.2 describes the development and execution of our lower-level black-box test plan to help evaluate the logging of specific auditable events (such as “view diagnosis data” and “view patient demographics data”) for user-based non-repudiation. | |||
=== 4.1 High-level Assessment using Audit Guidelines and Checklists === | === 4.1 High-level Assessment using Audit Guidelines and Checklists === | ||