Modifying Without a Trace: High-level Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms: Difference between revisions
Jump to navigation
Jump to search
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 112: | Line 112: | ||
==== 4.1.2 High-level Assessment Methodology ==== | ==== 4.1.2 High-level Assessment Methodology ==== | ||
For each EHR system, we deploy the software on a local web server following the deployment instructions provided by each EHR’s community website. Next, we consult official documentation typically provided on the website for each of the EHR systems. In the documentation (typically user guides, development guides, or community wiki pages) we search for sections on auditing and logging to understand how to access these mechanisms in the actual application. Once we understand how to access the auditing mechanism, we open our locally-deployed EHR system and attempt to access these features to continue our analysis. We document all of our observations or difficulties during this analysis process for reflection after the analysis is complete. | |||
Once we have either physical access to or a general understanding of the given application’s auditing mechanism, we record the following information: | |||
# A flag (satisfied or unsatisfied) for each of the assessment criteria listed in the “Logging Actions” column of Table 2. | |||
# Any observations or important findings that may influence the results or provide justifications for results | |||
We repeat this process for each of the three EHR systems in the study. | |||
=== 4.2. Low-level Assessment using Black-box Test Cases === | === 4.2. Low-level Assessment using Black-box Test Cases === | ||