Difference between revisions of "MU Stage1 Final Rule - Audit Log"
Peterbodtke (talk | contribs) |
(Added a glossary link to Action~) |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 10: | Line 10: | ||
'''CERTIFICATION CRITERION''' | '''CERTIFICATION CRITERION''' | ||
Final Rule Text: §170.302(r). | Final Rule Text: §170.302(r). | ||
− | (1) Record | + | (1) [[Record~|Record]] [[action~|Action]]s. [[Record~|Record]] [[action~|Action]]s related to electronic health information in accordance with the standard specified in §170.210(b). |
(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at 170.210(b). | (2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at 170.210(b). | ||
Line 20: | Line 20: | ||
'''TEST CRITERIA #''' | '''TEST CRITERIA #''' | ||
§170.302(r) | §170.302(r) | ||
− | http://healthcare.nist.gov/docs/170.302.r_AuditLog_v1. | + | http://healthcare.nist.gov/docs/170.302.r_AuditLog_v1.1.pdf |
{| class="grey" border="1" cellpadding="2" | {| class="grey" border="1" cellpadding="2" | ||
! USERS | ! USERS | ||
Line 51: | Line 51: | ||
(Add details here) | (Add details here) | ||
− | '''ACTION ITEMS / NEXT STEPS''' | + | '''[[ACTION~|Action]] ITEMS / NEXT STEPS''' |
(Add details here) | (Add details here) | ||
'''OPEN ISSUES / QUESTIONS''' | '''OPEN ISSUES / QUESTIONS''' | ||
(Add details here) | (Add details here) |
Latest revision as of 20:21, 29 July 2012
SECTION # Section 170.302(r)—Audit Log
MU OBJECTIVE Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
MU STAGE 1 MEASURE Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
CERTIFICATION CRITERION Final Rule Text: §170.302(r). (1) Record Actions. Record Actions related to electronic health information in accordance with the standard specified in §170.210(b). (2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at 170.210(b).
STANDARDS 170.210(b) 45 CFR 164.308 http://edocket.access.gpo.gov/cfr_2003/octqtr/pdf/45cfr164.308.pdf
TEST CRITERIA # §170.302(r) http://healthcare.nist.gov/docs/170.302.r_AuditLog_v1.1.pdf
USERS | CORE / MENU | SOLUTION DEVELOPERS | STATUS |
---|---|---|---|
All | CORE | TBD | TBD |
SOLUTION DESIGN / TECHNOLOGY (Add details here)
SOLUTION COMPONENTS (Add details here - Ex. KIDS patch, Delphi code, User guide, Web resources, Manual test script, etc)
DEPENDENCIES (Add details here)
COMMENTS / NOTES (Add details here)
PREVIOUS NOTES (none)
DEVELOPMENT STATUS (Add details here)
Action ITEMS / NEXT STEPS (Add details here)
OPEN ISSUES / QUESTIONS (Add details here)