Modifying without a trace: general audit guidelines are inadequate for open-source electronic health record audit mechanisms

Without adequate audit mechanisms, electronic health record (EHR) systems remain vulnerable to undetected misuse. Users could modify or delete protected health information without these actions being traceable. The objective of this paper is to assess electronic health record audit mechanisms to determine the current degree of auditing for non-repudiation and to assess whether general audit guidelines adequately address non-repudiation. We derived 16 general auditable event types that affect non-repudiation based upon four publications. We qualitatively assess three open-source EHR systems to determine if the systems log these 16 event types. We find that the systems log an average of 12.5% of these event types. We also generated 58 black-box test cases based on specific auditable events derived from Certification Commission for Health Information Technology criteria. We find that only 4.02% of these tests pass. Additionally, 20% of tests fail in all three EHR systems. As a result, actions including the modification of patient demographics and assignment of user privileges can be executed without a trace of the user performing the action. The ambiguous nature of general auditable events may explain the inadequacy of auditing for non-repudiation. EHR system developers should focus on specific auditable events for managing protected health information instead of general events derived from guidelines.

[1]  Dawn M. Cappelli,et al.  The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures , 2008, Insider Attack and Cyber Security.

[2]  Gunnar Peterson,et al.  Logging in the Age of Web Services , 2009, IEEE Security & Privacy.

[3]  Ben Smith Systematizing security test case planning using functional requirements phrases , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[4]  Norman Chonacky Staking New Ground , 2005, Comput. Sci. Eng..

[5]  Karen Kent,et al.  Guide to Computer Security Log Management , 2006 .

[6]  Laurie Williams,et al.  Systematizing Security Test Planning Using Functional Requirements Phrases , 2011 .

[7]  A Min Tjoa,et al.  Towards More Trustable Log Files for Digital Forensics by Means of “Trusted Computing” , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[8]  Fred B. Schneider Accountability for Perfection , 2009, IEEE Secur. Priv..

[9]  P.D. Dixon,et al.  An overview of computer forensics , 2005, IEEE Potentials.

[10]  Santosh K. Shrivastava,et al.  Implementing fair non-repudiable interactions with Web services , 2005, Ninth IEEE International EDOC Enterprise Computing Conference (EDOC'05).