In the world of healthcare technology, security and privacy are an ever increasing concern. In order to keep up with the advances in security technology and audits, we’ve introduced user activity audit logging as part of Iguana 6.1 Professional and Enterprise.
These audit log messages are specifically designed to be consumed by other third party security and audit applications. These applications generally run through user activity looking for patterns that are out of the ordinary, such as users accessing PHI that they’re not supposed to. The applications that you might use for Privacy Information and Event Management (PIEM) for your healthcare records should be able to process these messages.
What are Audit Logs? [top]
Audit logs are a new type of log message in Iguana. Their goal is to track user activity in Iguana, as that activity relates to viewing Personal Health Information (PHI). This activity is represented as individual log messages in Iguana’s logs. Note that the audit logs do not contain PHI themselves, but do provide URL’s which link back to the original messages.
An audit log message is created when a user does one of three things:
- Views Logs
- Views an Individual Log Message
- Exports Logs
When log messages are viewed on the main page of the Iguana Log Viewer, Iguana serves up a set of messages to the screen. When this happens, a single audit log message is created containing the username of the person viewing, a timestamp, a list of the message types, and a list of URL’s which link back to the original messages.
Views an Individual Log Message
This audit log is created when a user clicks on an individual log message. This audit message will contain the username of the person viewing, a timestamp, the message type, and a URL linking to the message.
Created when a user tries to export logs. It will contain the username, a timestamp, a list of the message types, and a list of URL’s to the messages that are being exported.
Enable or disable Audit Logs [top]
Audit logs are disabled by default.
To enable or disable the audit logs:
- Go to Setting > Logging and click Edit:
- Enable or disable Audit Logging and click Save Changes: