Universal Audit Repository

The Universal Audit Repository (UAR) is HIPAAT’s standalone central repository of audit events. Designed for use by healthcare organizations and Health Information Organizations, the UAR is standards-based and:

Logs all access – and attempted access – to personal health information (PHI) and consent directives

Provides automatic, immediate alerts of override (‘break the glass’) access to PHI, sent by email or pager to a Privacy Officer/administrator

Provides extensive, customizable search and report capabilities on any audit event data, and includes a separate security (breach) report

Notifies clinicians via email if corrections have been made to diagnostic imaging exams they had previously viewed

Is an excellent source of data for patients’ “accounting of disclosures”

We designed the UAR to align with the healthcare industry’s top guidance on auditing: Integrating the Healthcare Enterprise’s (IHE’s) Audit Trail and Node Authentication (ATNA) profile. This includes the underlying standard for audit log messages, RFC 3881: Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications.

The UAR accepts and stores every attribute (required and optional) defined in both RFC 3881 and DICOM Supplement 95: Audit Trail Messages, to support all required IHE transactions.

Some technical details:

Java-based three-tier application

LDAP support

Java Message Service (JMS) API

Transports: syslog over HTTP, UDP and TLS v1.1 (backwards compatible to 1.0)

High availability

Monitoring

Metrics

Raw XML export functionality