Universal Audit Repository
The Universal Audit Repository (UAR) is HIPAAT’s standalone central repository of audit events. Designed for use by healthcare organizations and Health Information Organizations, the UAR is standards-based and:
 |
Logs all access – and attempted access – to personal health information (PHI) and consent directives |
|
Provides automatic, immediate alerts of override (‘break the glass’) access to PHI, by email or pager to a Privacy Officer/administrator |
|
Provides extensive, customizable search and report capabilities on any audit event data, and includes a separate security (breach) report |
|
Notifies clinicians via email if corrections have been made to diagnostic imaging exams they had previously viewed |
|
Is an excellent source of data for patients’ “accounting of disclosures” |
We designed the UAR to align with the healthcare industry’s top guidance on auditing: Integrating the Healthcare Enterprise’s (IHE’s) Audit Trail and Node Authentication (ATNA) profile. This includes the underlying standard for audit log messages, RFC 3881: Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications.
The UAR accepts and stores every attribute (required and optional) defined in both RFC 3881 and DICOM Supplement 95: Audit Trail Messages, to support all required IHE transactions.
Some technical details:
|
Java-based three tier application |
|
LDAP support |
|
Java Message Service (JMS) API |
|
Transports: syslog over HTTP, UDP and TLS v1.1 (backwards compatible to 1.0) |
|
High availability |
|
Monitoring |
|
Metrics |
|
Raw XML export functionality |
