"Disclosure Report" (access audit) for multiple patients?

I have a list of about 100 MPI IDs that I would like to run a report on.  I want to list times that any data for these patients were accessed.  Currently in "Managed Reports" we have a "Disclosure Report" which I think was a custom development effort, but it is per-patient.

I have a SQL query for the ATNA log but I'm not confident in its accuracy, so I thought I'd reach out and see how other Information Exchange's might get this data.

  • 0
  • 0
  • 222
  • 5
  • 1

Answers

Here is an example of a SQL query to do this:

SELECT LocalDateTime, MPILIST
FROM HS_IHE_ATNA_Repository.Aggregation
WHERE EventType = 'ViewRecords'
AND MPILIST in (SELECT MPIID FROM HS_Registry.Patient)

Replace the sub-query in parentheses above with one that returns your list of MPIIDs.

I limited my query to the "ViewRecords" audit event type, which is defined as, "The Access Gateway received clinical data from one or more Edge Gateways in response to a patient fetch request. The combined results are about to be loaded into the clinical viewer.". There are several other audit events related to accessing patient data that you may want to read about in the documentation to see if they match what you are checking better. Their descriptions can be found at:

http://localhost:57772/csp/docbook/DocBook.UI.Page.cls?KEY=HESEC_ch_audit#HESEC_audit_events_other

Or by navigating to:

 [ Documentation Home ]  >  [ Running a HealthShare Information Exchange ]  >  [ Information Exchange Security Guide ]  >  [ Auditing Information Exchange Events ]  > Information Exchange Application Events

"The combined results are about to be loaded into the clinical viewer."

What about searches from directly within participant EHR systems?   Users that are not using the clinical viewer? ie "on demand" customers.  Or other protocols, XDSb, XCA, etc.  Also would this exclude patient searches like a PIX query before a document registration?

I don't think external EHR systems will generate an ViewRecord event. Further down in the documentation, the IHE audit event types are also listed, including ones for PIX and PDQ queries. Just substitute one of those event types in the above query.

To develop a query for your EHR system, try querying:

SELECT TOP 20 *
FROM HS_IHE_ATNA_Repository.Aggregation
ORDER BY LocalDateTime DESC

and then do a patient search of the type you are trying to audit, and then run the query again to see which audit events it created. If these events have the UserName property set to distinct usernames rather than just HS_Services, you may be able to filter out PIX searches before a document registry with something like:

WHERE UserName != 'HS_Services'

If you need assistance developing a query that specific to your system's setup, it might be better to open a WRC issue.

We are an HIE so I cannot simulate a search from within an EHR system.

Can you think of anything I could query on the Registry to do this?  Something endpoint-agnostic?  For instance, I've discovered this seems to work pretty well for searches without having to worry about ATNA event types and the performance issues related to the size:

 

SELECT TimeProcessed, LastName, FirstName, DOB, AssigningAuthority, MPIID, MRN, SearchMode, RequestingUser, SAMLData_Organization, SessionId
FROM Ens.MessageHeader h LEFT JOIN HS_Message.PatientSearchRequest m
ON h.MessageBodyId = m.id
WHERE h.Invocation = 1
AND h.MessageBodyClassName = 'HS.Message.PatientSearchRequest'
ORDER BY SessionId DESC

I appreciate your input so far.

Querying through HS.Message.PatientSearchRequest is also a way to accomplish this, but with a few caveats:

1) As you brought up in your other question, there are may be more than one HS.Message.PatientSearchRequest per actual search. There may PatientSearchRequest for events that are you aren't interested in that you have to filter out.

2) Ensemble messages will be purged more frequently than audit logs, and are easier for users to delete.

Whether you use messages or audit logs, you'll have to check what kind of messages or audit events the kind of search traffic you are interested in generates, and make sure your query captures only that.

It looks  like "ExportRecords" coincides with an external request and "ViewRecords" is a clinical viewer request.