| Description | The Patient Summary-CA Solution should have the ability to capture secure audit log content as dictated by jurisdictional standards and/or system requirements. Note: For example, jurisdictional standards and/or system requirements for secure audit logs should consider Patient Summary schema and log content such as the user ID of authorized actors, the role the user is exercising, the organization of the accessing user (at least in those cases where an individual accesses information on behalf of more than one organization), the patient ID of the data subject (patient/person), the function performed by the accessing user, a timestamp, in the case of access override to blocked or masked records or portions of records, a reason for the override, and in the case of changes to consent directives made by a substitute decision-maker, the identity of the decision-maker. |
|---|