is some benefit in users' thinking that an audit trail is being kept and analyzed, such trails are truly effective only if their information is actually reviewed and analyzed.

Audit Trail Technologies Observed on Site Visits

The committee's site visits revealed that almost all organizations keep audit trails for access to information in central health care information systems, but they do so only inconsistently for secondary information systems. Management at one site believed that audit records were being kept but was not sure and did not feel that this was a problem because the belief that audit records were kept was enough to deter inappropriate behavior. In almost all sites, audit records were not reviewed until a complaint was received from a patient or employee who had alleged a breach of confidentiality. Follow-up was then generally a manual process of reviewing audit records and investigating the details of possible indications of misuse. Many of the sites visited by committee members display warning messages about audit review to users accessing sensitive information.

Another site allows employees to review all accesses to their own medical records (most workers in health care organizations receive personal care in their employing organization). Employees can, at the touch of a button, generate a list of all users who accessed their record over a specified period of time. Most employees reported that they check their access logs regularly after receiving medical treatment and check them periodically in between treatments to detect any unusual accesses. Although such reviews only rarely detect unwarranted accesses, both management and staff report that the capability has heightened workers' appreciation of patients' privacy concerns and has helped educate them about the legitimate flows of health care data throughout the organization (to physicians, nurses, billing clerks, etc.). All see it as a successful deterrent against internal abuses of privileges.
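The self-service access review described above can be sketched as follows. This is an added example, not software from the report or from any site the committee visited; the log format, user names, record identifiers, and the "lab technician" role are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed audit trail (not from the report):
# timestamp, user, role, patient record, action.
SAMPLE_LOG = """\
1996-03-04T09:12:00,dr_lee,physician,MRN-1001,view
1996-03-04T09:40:00,rn_cho,nurse,MRN-1001,view
1996-03-04T10:05:00,rn_cho,nurse,MRN-2002,view
1996-03-11T14:30:00,bill_kay,billing clerk,MRN-1001,view
1996-03-19T23:55:00,tech_ray,lab technician,MRN-1001,view
this line is damaged
1996-04-02T08:00:00,dr_lee,physician,MRN-1001,update
"""

def parse_log(text):
    """Return (records, rejected); damaged lines are set aside, not dropped silently."""
    records, rejected = [], []
    for row in csv.reader(io.StringIO(text)):
        try:
            when, user, role, record_id, action = row
            records.append((datetime.fromisoformat(when), user, role, record_id, action))
        except ValueError:  # wrong field count or unparseable timestamp
            rejected.append(",".join(row))
    return records, rejected

def access_report(records, record_id, start, end):
    """Every user who touched record_id in [start, end), with count and first/last access."""
    per_user = defaultdict(list)
    for when, user, role, rec, _action in records:
        if rec == record_id and start <= when < end:
            per_user[(user, role)].append(when)
    return sorted(
        ((user, role, len(times), min(times), max(times))
         for (user, role), times in per_user.items()),
        key=lambda r: r[3],  # order by first access in the period
    )

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    for user, role, n, first, last in access_report(
            recs, "MRN-1001", datetime(1996, 3, 1), datetime(1996, 4, 1)):
        print(f"{user:10} {role:15} {n} access(es)  {first} .. {last}")
    print(f"{len(bad)} unparseable line(s) set aside for review")
```

Listing the role beside each user lets the reader judge whether an access fits the legitimate flows of data (physician, nurse, billing clerk) or needs follow-up.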

Audit Trail Technologies Not Yet Deployed in Health Care Settings

There is wide agreement that audit trails deter unethical use of health information insofar as breaches can be detected and sanctions instituted against abusers. Currently audit trail analysis is almost entirely manual, and as a result, audit trails are rarely scanned unless a misuse is suspected based on external evidence. Only a few of the sites visited used any sort of automated audit trail analysis or exception-reporting programs. The site that had the capability to display audit logs routinely for its own employees had developed software tools to extract a single thread of



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.