Modifying Without a Trace: High-level Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 31: | Line 31: | ||
Böck, et al., identify four primary concerns regarding software audit mechanism reliability<sup>[1]</sup>: | Böck, et al., identify four primary concerns regarding software audit mechanism reliability<sup>[1]</sup>: | ||
* ''storage confidentiality'' – malicious users should not be able to access log entries | |||
* ''machine-based non-repudiation'' – log files can be traced to a specific machine to identify the source of the audit entries | |||
* ''application-based non-repudiation'' – log entries can be traced to trusted software applications such that malicious users cannot manually create fake log entries | |||
* ''transmission confidentiality'' – accuracy and integrity of log file data is preserved during transmission | |||
Satisfying these concerns is not a simple task, especially for software developers who may implement software audit mechanisms without proactively considering the protection and reliability of the data contained within the log files. Böck, et al., suggest that these four concerns should be considered as a core set of requirements for any software audit mechanism<sup>[1]</sup>. Yet actually implementing the software and hardware infrastructure to fulfill these requirements may prove challenging. Combined with limited resources and a concern for user-based non-repudiation, the difficult task of satisfying these requirements may lead some system architects and software developers to abandon the idea of a reliable software audit mechanism in favor of a simplified, more vulnerable one based upon limited storage, unprotected log files, and weak non-repudiation. | |||
One motivation for implementing EHR audit mechanisms for user-based non-repudiation involves the mitigation of insider attack. An ''insider attack'' occurs when employees of an organization with legitimate access to their organizations' information systems use these systems to sabotage their organizations' IT infrastructure or commit fraud<sup>[9]</sup>. Researchers at the Software Engineering Institute at Carnegie Mellon University released a comprehensive study on insider threats that reviewed 49 cases of Insider IT Sabotage between 1996 and 2002<sup>[9]</sup>. According to the study: | |||
* 90% of insider attackers were given administrative or high-level privileges to the target system. | |||
* 81% of the incidents involved losses to the organization, with dollar amounts estimated between "five hundred dollars" and "tens of millions of dollars." | |||
* The majority of attacks occurred after the employees were terminated from the organization. | |||
* Lack of access controls facilitated IT sabotage | |||
Although federal laws, such as HIPAA, provide legal sanction against tampering with or stealing medical records, we cannot assume that employees working within a medical organization will always follow the rules. | |||
== 3. Related Work == | == 3. Related Work == | ||