The ChartMaker Medical Suite has an audit trail that is automatically populated with information as users access and use the system. The information includes the system user’s identity, the date and time, the action being performed, and data specific to the feature being audited. Auditing is on by default, but the security administrator can disable auditing entirely or disable the auditing of selected functional areas. The act of enabling or disabling auditing, whether in full or in part, is itself logged to the audit trail and cannot be disabled.
No Medical Suite user, regardless of authorization level, has the ability to edit or delete individual entries in the audit trail. To detect tampering of audit trail entries by means other than the use of the Medical Suite, the Medical Suite employs NSA’s SHA-1 hashing algorithm to determine if changes were made to audit trail outside of the EHR. Detailed information about the SHA-1 algorithm can be found at http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf (the current NIST publication titled Secure Hash Standard from March 2012).
Any user with authorization to view the Audit Trail will be able to verify the integrity of the audit trail. For every entry in the audit trail, the EHR system uses the NSA’s SHA-1 algorithm to hash the unique set of data in that entry (e.g. timestamp, user identity, feature-specific data) and stores the resulting digest. When viewing audit log entries, the system will regenerate the digest based on the data currently in the audit trail entry, and compare it to the digest that was created when the audit log entry was originally made. If the digests are different, the EHR notifies the user of the discrepancy, including the possibility that the information contained in the audit log entry was modified outside of the EHR.