CINTESIS - Centre for Research in Health Technologies and Information Systems, Faculdade de Medicina da Universidade do Porto, Porto, Portugal.
BMC Med Inform Decis Mak. 2013 Aug 6;13:84. doi: 10.1186/1472-6947-13-84.
Audit Trails (AT) are fundamental to information security in order to guarantee access traceability but can also be used to improve Health information System's (HIS) quality namely to assess how they are used or misused. This paper aims at analysing the existence and quality of AT, describing scenarios in hospitals and making some recommendations to improve the quality of information.
The responsibles of HIS for eight Portuguese hospitals were contacted in order to arrange an interview about the importance of AT and to collect audit trail data from their HIS. Five institutions agreed to participate in this study; four of them accepted to be interviewed, and four sent AT data. The interviews were performed in 2011 and audit trail data sent in 2011 and 2012. Each AT was evaluated and compared in relation to data quality standards, namely for completeness, comprehensibility, traceability among others. Only one of the AT had enough information for us to apply a consistency evaluation by modelling user behaviour.
The interviewees in these hospitals only knew a few AT (average of 1 AT per hospital in an estimate of 21 existing HIS), although they all recognize some advantages of analysing AT. Four hospitals sent a total of 7 AT - 2 from Radiology Information System (RIS), 2 from Picture Archiving and Communication System (PACS), 3 from Patient Records. Three of the AT were understandable and three of the AT were complete. The AT from the patient records are better structured and more complete than the RIS/PACS.
Existing AT do not have enough quality to guarantee traceability or be used in HIS improvement. Its quality reflects the importance given to them by the CIO of healthcare institutions. Existing standards (e.g. ASTM:E2147, ISO/TS 18308:2004, ISO/IEC 27001:2006) are still not broadly used in Portugal.
审计跟踪(AT)对于信息安全至关重要,可确保访问可追溯性,但也可用于提高健康信息系统(HIS)的质量,即评估其使用或滥用情况。本文旨在分析 AT 的存在和质量,描述医院中的场景,并提出一些建议以提高信息质量。
联系了 8 家葡萄牙医院的 HIS 负责人,安排了有关 AT 重要性的访谈,并从他们的 HIS 中收集审计跟踪数据。有 5 家机构同意参与这项研究;其中 4 家同意接受采访,4 家发送了 AT 数据。访谈于 2011 年进行,AT 数据于 2011 年和 2012 年发送。每个 AT 都根据数据质量标准进行了评估和比较,例如完整性、可理解性、可追溯性等。只有一个 AT 有足够的信息可以通过建模用户行为进行一致性评估。
这些医院的受访者只知道几个 AT(每个医院平均有 21 个 HIS 中的 1 个 AT),尽管他们都认识到分析 AT 的一些优势。有 4 家医院共发送了 7 个 AT - 2 个来自放射信息系统(RIS),2 个来自图片存档和通信系统(PACS),3 个来自患者记录。有 3 个 AT 是可理解的,有 3 个 AT 是完整的。患者记录中的 AT 比 RIS/PACS 更具结构性且更完整。
现有的 AT 质量不足以保证可追溯性或用于 HIS 改进。其质量反映了医疗保健机构的 CIO 对其的重视程度。现有的标准(例如 ASTM:E2147、ISO/TS 18308:2004、ISO/IEC 27001:2006)在葡萄牙尚未广泛使用。
