PHI Audit Controls

SYSTOC audits user access to protected health information within the SYSTOC, iSYSTOC, and SYSTOC_EDI applications and logs the relevant details. This helps clinics comply with HIPAA standards and ARRA Certification Criteria for EHR Technology. You can review audit data via the PHI Access Audit Log report.

The audit covers only standard SYSTOC operation. Clinics must establish their own procedures for auditing access to PHI that occurs when the SYSTOC databases are restored or through programs that open the database outside of SYSTOC.

A list of the disclosed information prints on the Disclosures of PHI report, available through the F2 reports menu.

Note:
  • Be aware that using double-click to select records creates two audit records.
  • Patient Summary records cannot be deleted, as audit logs are linked to patient data.

The table below summarizes the data captured during an audit.

| Data | Description |
|---|---|
| Date | Date of action. |
| Time | Time of action. |
| Patient ID | Unique identifier linking PHI data with a patient record. |
| User ID | The ID of the staff member (links to the Medical Staff table) who accessed or used patient data. |
| Action | SYSTOC logs four different user actions: Access, Create, Modify, and Delete. |
| Source | SYSTOC data entry screen, data list, report name, or form name. When performing Staple/Send the source is logged as "Staple-Send: form name" for each form. |
| App Name | SYSTOC-related applications such as: SYSTOC, iSYSTOC, SYSTOC_EDI, etc. |
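
For reviewers working with the audit fields above, the following added example (not SYSTOC code or a SYSTOC export format) collapses the duplicate records produced by double-click selection and then lists which patients each user touched. The CSV layout, the two-second window, and all sample values are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows; the CSV layout is an assumption, not a SYSTOC export format.
SAMPLE = """Date,Time,Patient ID,User ID,Action,Source,App Name
2024-03-04,09:15:02,P1001,JDOE,Access,Patient Summary,SYSTOC
2024-03-04,09:15:02,P1001,JDOE,Access,Patient Summary,SYSTOC
2024-03-04,09:16:40,P1001,JDOE,Modify,Patient Summary,SYSTOC
2024-03-04,09:20:11,P1002,JDOE,Access,Staple-Send: Form A,SYSTOC
2024-03-04,10:01:00,P1001,ASMITH,Access,Patient Summary,iSYSTOC
2024-03-04,10:01:01,P1001,ASMITH,Access,Patient Summary,iSYSTOC
2024-03-04,10:05:00,P1001,ASMITH,Access,Patient Summary,iSYSTOC
"""

ACTIONS = {"Access", "Create", "Modify", "Delete"}  # the four actions listed on the page


def load(text):
    """Parse rows, validate Action, and attach a combined timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["Action"] not in ACTIONS:
            raise ValueError(f"unexpected action: {row['Action']!r}")
        row["ts"] = datetime.strptime(f"{row['Date']} {row['Time']}", "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["ts"])


def collapse_double_clicks(rows, window=timedelta(seconds=2)):
    """Drop a record that repeats the same user/patient/action/source/app within `window`."""
    last_seen, kept = {}, []
    for r in rows:
        key = (r["User ID"], r["Patient ID"], r["Action"], r["Source"], r["App Name"])
        prev = last_seen.get(key)
        last_seen[key] = r["ts"]
        if prev is None or r["ts"] - prev > window:
            kept.append(r)
    return kept


def patients_per_user(rows):
    """Map each User ID to the set of Patient IDs it touched."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["User ID"]].add(r["Patient ID"])
    return dict(seen)
```

Collapse duplicates only in a working copy used for review counts; the original audit records should be retained unmodified.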