Logging Requirements

Donna Pipa pipa@telus.net

to me
Hi Jackson,



Sincere apologies for the delay in getting back to you. I'm just back from vacation and still trying to get caught up.



(1) Re: logging capacity required……….here is what is stated in the latest amendments to Alberta's Health Information Act (HIA) and regulations, as of Sept 2010:



“A custodian must ensure its electronic health record information system creates and maintains logs containing the following information:



a) user identification and application identification associated with an access
b) name of user and application that performs an access
c) role or job functions of user who performs an access
d) date of an access
e) time of an access
f) actions performed by a user during an access, including, without limitation, creating, viewing, editing and deleting information
g) name of facility or organization at which an access is performed
h) display screen number or reference
i) personal health number of the individual in respect of whom an access is performed
j) name of the individual in respect of whom an access is performed
k) any other information required by the Minister (nothing else outlined at this time)



Note that 'user identification info' (as noted in a - c above) can be according to a userID that is assigned to an individual (so that it can be traced back to an individual).



Your EMR system should be able to accommodate all of the above requirements. In addition, I know the Privacy Commissioner's office will be looking for the EMR to record login attempts and an alert to be provided to the system administrator after a specified number of unsuccessful login attempts.



(2) Remote access
I will have to do some more digging into this question. All of the systems that I'm aware of have some means of 2 factor authentication for remote access to the EMR.



Hope the above is helpful. We can arrange to chat by phone if that would be helpful…………..just let me know.



Kind regards,
Donna
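
As an added example (not part of the e-mail above and not code from any EMR product), the Python below checks one access-log record against items (a) to (j) and reports users who reach a set number of consecutive failed logins. The field names, the threshold of 3 and the sample data are assumptions made for illustration.

```python
# Field names, threshold and sample data are assumptions made for this example.
from collections import defaultdict

# One hypothetical key per logged item; the letter is the list item it covers.
REQUIRED_FIELDS = {
    "user_id": "a", "application_id": "a", "user_name": "b",
    "application_name": "b", "user_role": "c", "access_date": "d",
    "access_time": "e", "actions": "f", "facility": "g",
    "screen_ref": "h", "patient_phn": "i", "patient_name": "j",
}


def missing_clauses(record):
    """Return {item letter: [missing keys]} for absent or empty fields."""
    gaps = defaultdict(list)
    for key, clause in REQUIRED_FIELDS.items():
        if record.get(key) in (None, "", []):
            gaps[clause].append(key)
    return dict(gaps)


def lockout_alerts(login_events, threshold=3):
    """Return user IDs that reach `threshold` consecutive failed logins.

    login_events is a time-ordered iterable of (user_id, succeeded).
    A successful login resets that user's counter.
    """
    streak = defaultdict(int)
    alerts = []
    for user_id, succeeded in login_events:
        streak[user_id] = 0 if succeeded else streak[user_id] + 1
        if streak[user_id] == threshold:  # alert once, when the limit is hit
            alerts.append(user_id)
    return alerts


# Constructed sample data: the record lacks a screen reference and patient name.
SAMPLE_RECORD = {
    "user_id": "u1042", "application_id": "emr-web", "user_name": "A. Example",
    "application_name": "Example EMR", "user_role": "nurse",
    "access_date": "2010-09-15", "access_time": "14:02:11",
    "actions": ["view", "edit"], "facility": "Example Clinic",
    "screen_ref": "", "patient_phn": "000000000", "patient_name": "",
}
SAMPLE_LOGINS = [
    ("u1042", False), ("u1042", False), ("u2001", False), ("u1042", True),
    ("u2001", False), ("u1042", False), ("u2001", False),
]

if __name__ == "__main__":
    print("missing:", missing_clauses(SAMPLE_RECORD))
    print("alert administrator about:", lockout_alerts(SAMPLE_LOGINS))
```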

 
