Audit Controls

Please click on the link to read the following article:

After reading the article, review the sections on Technical Safeguards, including Access Control and Audit Controls in this module’s reading assignment. The author states that audit controls are “‘hardware, software, and /or procedural mechanisms that record and examine activity in information systems.’ Most information systems provide some level of audit controls and audit reports. These are useful, especially when determining if a security violation occurred” (Gartee, p. 404).

Next, review the information presented in the table. This data was pulled to view a general login and logout pattern in the EHR for hospital staff on the morning listed (01/05/16). These are descriptions of these staff members’ positions.

  1. Joann Ward is a nurse who works in the general surgery floor.
  2. Steven Williams is a registration clerk who works in the radiology department.
  3. Lee Worley is a health information clerk who processes requests for records from other healthcare providers and facilities.
  4. Mary Smith is a nurse who works in the labor and delivery unit.
  5. Employee Dept Date Log In Pt # Pt Type Log out Patient Name
    JOANN WARD Surg 1/5/16 8:00 1223 Surg 8:17 Olson, Tom
    Surg 9:20 5776 Surg 9:24 Stanford, Gary
    Surg 9:26 3987 Surg 9:45 Johnson, George
    STEVEN WILLIAMS Radiology 1/5/16 8:05 3463 Radiology 8:08 Finch, Larry
    Radiology 8:35 5776 Surg 9:02 Stanford, Gary
    Radiology 9:03 1234 Radiology 9:07 Jones, Joe
    LEE WORLEY HIM 1/5/16 8:05 5776 Surg 8:15 Stanford, Gary
    HIM 8:45 9874 L&D 8:55 Ngyen, Mai
    HIM 9:15 1223 Surg 9:24 Olson, Tom
    MARY SMITH L&D 1/5/16 8:30 9874 L&D 8:45 Ngyen, Mai
    L&D 8:45 4858 Psychiatry 9:00 Smith, John
    L&D 9:00 9977 L&D 9:30 Tupper, Ann
    L&D 9:30 1124 L&D 10:00 West, Janet

    Given this information, answer the following questions:

    1. What can you tell from this audit log about Patient Gary Stanford’s visit?
    2. What can you tell from this audit log about Mai Ngyen’s visit?
    3. Do the staff members’ logins seem appropriate?
    4. Is there anything you would question on this audit log?

    Your response to this audit should be a two page document (four-five paragraphs) to provide a complete response to the audit results based on each of the roles.