Introduction
This page provides an abstract specification for the Audit Log service in openEHR.
Relevant Standards
Source Specifications
Below are some service definitions used in current openEHR products, from which design concepts have been drawn for the openEHR Audit Log service.
Comments (2)
27-Apr-2010
Erik Sundvall says:
RFC 3881 seems unnecessary complex in an openEHR setting. I guess it can be used...RFC 3881 seems unnecessary complex in an openEHR setting. I guess it can be used for some ideas and as a possible export format though.
A write-log is already implicitly included in openEHR as CONTRIBUTIONs. A well specified means of accessing CONTRIBUTIONs might be all that is needed.
A read-log could be based on openEHRs EHR-URIs and paths rather than the types identified in the RFC.
11-May-2011
Heath Frankel says:
An audit log is more than just a commit log, probably more importantly we need t...An audit log is more than just a commit log, probably more importantly we need to audit log read access. However, within a shared EHR sytem built from services, which may be federated, we need an aggregated audit trail of operations including authentication events, access control administration, demographic operations, EHR operations, notification and alert events. Only by having this aggregated view of audit events can we get the complete picture of what is happening to a particular persons health record. This is exactly what RFC 3881 is intended to support and why IHE include it as part of its infrastructure. If many health system vendors are implementing this as part of IHE implmentations I don't see why openEHR would choose a different one. Perhaps it supports more complex scenarios than is necessary but most of these are optional, for openEHR we may only need to provide the required fields.