Modifying Without a Trace: High-level Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms

From Ben Works
Revision as of 22:40, 8 September 2013 by Programsam (talk | contribs)
Jump to navigation Jump to search

J. King, B. Smith, L. Williams, "Modifying Without a Trace: General Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms", Proceedings of the International Health Informatics Symposium (IHI 2012), pp. 305-314, 2012.

Abstract

1. Introduction

2. Background

3.1. Challenges in Technology

3.1.1. Limited Infrastructure Resources

3.1.2. Log File Reliability

3.2. Challenges in Policy, Regulations, and Compliance

3.2.1. Ill-defined Standards, Policies, and Regulations

3.2.2. Ineffective Log Analysis

4. Assessment Methodology

4.1 High-level Assessment using Audit Guidelines and Checklists

4.1.1 Derivation of Non-specific Auditable Events

4.1.2 High-level Assessment Methodology

4.2. Low-level Assessment using Black-box Test Cases

4.2.1 Audit Test Case Template

4.2.2 Audit Test Case Example

5. Case Studies

5.1. Open-source EHR Systems Studied

5.2. High-level User-based Non-repudiation Assessment

5.3 Low-level User-based Non-repudiation Assessment with Black-box Test Cases

6. Modifying without a Trace

7. Limitations

8. Future Work

9. Conclusion

10. Acknowledgements

11. References

Retrieved from "https://bw.kn1.us/wiki/index.php?title=Modifying_Without_a_Trace:_High-level_Audit_Guidelines_are_Inadequate_for_Electronic_Health_Record_Audit_Mechanisms&oldid=739"