Wednesday, August 08, 2012

The NEHRS Audit Trail Is A Bit Of A Joke - Heavens It Is Very Unfriendly and Confusing For Users!

I popped along to the NEHRS System and grabbed a subset of the Audit Trail I was provided with covering a few of my visits.
Here we have a header which explains what we are seeing.
Approval Date/Time - Operation Performed - Organisation Name - Role - Access Condition - Action Type - Subject Type - Subject
And here is the content.
05/08/2012 09:09:05 AM getConsolidatedView Individual Read IHI xxxxx01181142493
05/08/2012 09:08:55 AM getDocument Individual Read DocumentID 2.25.187229862248151894270572118199095601993
05/08/2012 09:08:38 AM getDocumentList Individual Read IHI xxxxx01181142493
05/08/2012 09:08:31 AM getIndividualDetailsView Individual Read IHI xxxxx01181142493
29/07/2012 09:08:46 AM getConsolidatedView Individual Read IHI xxxxx01181142493
29/07/2012 09:08:28 AM getDocument Individual Read DocumentID 2.25.187229862248151894270572118199095601993
29/07/2012 09:08:21 AM getDocumentList Individual Read IHI xxxxx01181142493
29/07/2012 09:08:12 AM getIndividualDetailsView Individual Read IHI xxxxx01181142493
26/07/2012 03:16:29 PM getConsolidatedView Individual Read IHI xxxxx01181142493
26/07/2012 03:16:05 PM getDocumentList Individual Read IHI xxxxx01181142493
26/07/2012 03:15:56 PM getIndividualDetailsView Individual Read IHI xxxxx01181142493
24/07/2012 11:44:49 AM getDocumentList Individual Read IHI xxxxx01181142493
24/07/2012 11:44:49 AM getDocumentList Individual Read IHI xxxxx01181142493
24/07/2012 11:44:30 AM ManageConsent CONSUMER Read PCEHRCONSENT
24/07/2012 11:44:01 AM getDocument Individual Read DocumentID 2.25.187229862248151894270572118199095601993
24/07/2012 11:42:57 AM getConsolidatedView Individual Read IHI xxxxx01181142493
24/07/2012 11:42:38 AM getDocumentList Individual Read IHI xxxxx01181142493
24/07/2012 11:42:29 AM getIndividualDetailsView Individual Read IHI xxxxx01181142493
22/07/2012 09:27:30 AM getConsolidatedView Individual Read IHI xxxxx01181142493
22/07/2012 09:27:13 AM getDocumentList Individual Read IHI xxxxx01181142493
22/07/2012 09:27:04 AM getIndividualDetailsView Individual Read IHI xxxxx01181142493
20/07/2012 07:08:44 PM getConsolidatedView Individual Read IHI xxxxx01181142493
20/07/2012 07:08:28 PM getDocumentList Individual Read IHI xxxxx01181142493
20/07/2012 07:08:19 PM getIndividualDetailsView Individual Read IHI xxxxx01181142493
18/07/2012 02:07:47 PM getDocument Individual Read DocumentID 2.25.187229862248151894270572118199095601993
----- End Extract.
As you can see it is not all that clear or user friendly. But I was not expecting the surprise I received as I looked closely.
What interested me were these three entries with these associated times:
1. 26/07/2012 03:15:56
2. 20/07/2012 07:08:44
3. 18/07/2012 02:07:47
At all these 3 dates and times it seemed to me I was either tucked up in my bed or having my shower before coming down to my study. The other times seemed about right, suggesting the time-zone being reported is correct.
It was only after careful review and a few more visits that I noticed the PM on the next line of the report. Now the entries made sense!
Why a 24 hour clock representation like say this below was not used is hard to understand.
Surely things should have looked like:
1. 26/07/2012 15:15:56
2. 20/07/2012 19:08:44
3. 18/07/2012 14:07:47
I really wonder just what is going on here and why a usability assessment has not been done.
The rest of the information provided is even more incomprehensible as you can see for yourself.
Of course just what any, not all that technically literate, consumer would make of all this - and what they might think it means is anyone’s guess. Some of the target demographics like senior citizens and children may not be all that well equipped to know what they are seeing at all.
At the very least there should be a consumer friendly explanation of what is being displayed and what it all means!
This really is the Audit Trail you have when you don’t have an Audit Trail!
For my part I think I might contact the NEHRS System Operator - and ask what is going on to make all this more useful - after I have seen what comments or suggestions others have.  To me this is really very half baked.
David.
PS. It is apparently naughty to display your IHI. Not sure why. So changed a few characters!
D.
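
An added example, not part of the original post and not NEHRS code: one way to turn rows like those in the extract into a 24-hour, visit-grouped display, accepting rows whether or not their columns are separated by spaces. The plain-language wording, the 30-minute visit gap and the names `parse_row` and `render` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

ROW = re.compile(
    r"(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s*"  # \s*: spaces optional
    r"(?P<operation>[A-Za-z]+?)\s*"
    r"(?P<role>Individual|CONSUMER)\s*"  # only the roles seen in the extract
    r"(?P<action>Read)\s*"               # only the action type seen in the extract
    r"(?P<subject>\S.*)$"
)

# Assumed plain-language wording, guessed from the operation names alone.
PLAIN = {
    "getIndividualDetailsView": "viewed personal details",
    "getDocumentList": "listed documents",
    "getDocument": "opened a document",
    "getConsolidatedView": "viewed the consolidated record",
    "ManageConsent": "accessed consent settings",
}

def parse_row(line):
    """Return a dict for one row (dd/mm/yyyy, 12-hour stamp), or None if no match."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["when"] = datetime.strptime(row.pop("stamp"), "%d/%m/%Y %I:%M:%S %p")
    return row

def render(lines, gap=timedelta(minutes=30)):
    """Return display lines: oldest first, grouped into visits, 24-hour times.
    Rows that do not parse are listed last rather than dropped."""
    parsed = [(line, parse_row(line)) for line in lines]
    rows = sorted((r for _, r in parsed if r), key=lambda r: r["when"])
    out, last = [], None
    for r in rows:
        if last is None or r["when"] - last > gap:
            out.append(f"Visit on {r['when']:%d/%m/%Y}")
        what = PLAIN.get(r["operation"], r["operation"])
        out.append(f"  {r['when']:%H:%M:%S}  {r['role']} {what} ({r['subject']})")
        last = r["when"]
    out += [f"Unparsed: {line}" for line, r in parsed if r is None]
    return out

# Constructed input: rows from the extract, with and without spaces between columns.
SAMPLE = [
    "26/07/2012 03:16:05 PM getDocumentList Individual Read IHI xxxxx01181142493",
    "26/07/2012 03:15:56 PMgetIndividualDetailsViewIndividualReadIHIxxxxx01181142493",
    "24/07/2012 11:44:30 AMManageConsentCONSUMERReadPCEHRCONSENT",
]
```

Calling `render(SAMPLE)` returns the lines to display; the 26/07 entries come out as 15:15:56 and 15:16:05 under a single visit heading.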

11 comments:

Anonymous said...

David,
You are obviously sleepwalking.

On a serious note though, what a poor effort at messages, that is what $100m gets you.

I wonder if they have the ip address of the machine that accessed it?

B said...

That's not an audit trail, it's a system log.

Designed by IT people, for IT people.

It looks as though the requirements for an Audit trail were not identified, specified or agreed.

In which case, in the absence of a defined requirement, any solution will do.

Earl Hose said...

They may log the IP of the machine used to access the data, but would it be any use?
Authentication of identity is an evolving field. Today I registered with the ATO to see what they had on my superannuation. I had to supply two pieces of data, such as amounts of tax payable on one tax return, bank account details, Centrelink data.
Then I decided to beef up my Google security, something a few of you will have done recently. Their 2-factor authentication is pretty standard fare, but then we have the option of supplying a fixed phone line so they can leave a voice message if things go Phut in the cloud. The quaintest touch was Google issued a list of ten random emergency numeric strings, to carry in one's wallet, in case all other means of access has been lost.
Having taken the 2-factor option, one is then required to do a one-time pass-code activation for some other devices (iPad, Android phone) from which one would be accessing Gmail.
Try it, you'll love it! Trust Google? Is Google tougher than DoHA?

Cris Kerr said...

I included suggestions with examples across security, privacy and audit trail in my Feedback Submission on the Draft Concept of Operations Relating to the introduction of a Personally Controlled Electronic Health Record (PCEHR) system in May 2011.

(http://yourhealth.gov.au/internet/yourhealth/blog.nsf/247FAB32617E207FCA2578DA00084E37/$FILE/Case%20Health%20submission.doc)

On Pages 31-36, 'ITEM 13 - PCEHR Security & Privacy - Audit Trail', I included 4 examples, all based on legitimate purpose for access and use.

Essentially, I proposed a structured, transparent security/privacy framework based on a map of 'security/privacy access needs and levels' across those 'PCEHR data fields' that I still believe our PCEHR should contain to facilitate patients self-reporting their health outcomes in structured ways.

As part of that Item's section, I included an example of an audit trail at Item 13 (d), based on the premise that if a health professional or anyone else has legitimate purpose for accessing a PCEHR (especially private clinical information) they should be already known to the patient and hence, be happy for their name to appear in the audit trail.

My feedback was based on the premise that respect for, and protection of the patient and their private information was paramount... as it should be when one is proposing to assemble every personal health detail that 'various others' will be able to gain access to... and not by entering an office to open a locked filing cabinet drawer, but from anywhere, and at anytime.

With everything that's occurred since that submission, I now wonder if the 'consultation' and 'feedback' processes were charades, and that everything that was intended and has since come to pass was preordained.

The PCEHR has been launched, the governance system is still 'missing in action', and responsibility and management has now been pushed out to the market.

Everything that's occurred indicates both major political parties now lean toward market-based public health policies and responses, where the govt role becomes casual oversight of market self-regulation... and we all know how well market self-regulation works, right?

Australia could have/should have taken advantage of this unique opportunity to invest in visionary public health reform...

by building a public health and medical research framework that contributed to measurable individual and public health improvements year on year...

by delivering a meaningful, purposeful, and economically sound framework that supports the future health and health economy of this nation's people....

by making our economically threatened free public health system more productive, more durable, and hence; more sustainable for the generations to come.

“The significant problems we have cannot be solved at the same level of thinking with which we created them.” Albert Einstein

Anonymous said...

Is this the best they can do? A meaningless audit trail like that is an incredibly ingenious way to undermine Ministerial credibility.

Even an IT incompetent couldn’t have accomplished anything so useless to the consumer. The Consumers Association must be beside itself in bewilderment.

We can all recall how Ministers Roxon and Plibersek have faithfully parroted what Secretary Halton and her e-health bureaucrats said about the value, importance and use of the audit trail – that it would clearly show who had been accessing our records and when.

How could any health professional or health organisation have any confidence or trust in an audit trail like that?

Anonymous said...

"The significant problems we have cannot be solved at the same level of thinking with which we created them.” Albert Einstein"

So we know Einstein must cost more than $1m a day.

But for $40 you can get:
ASTM E2147 - 01(2009) Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems

and lots of other interesting standards. ;)

But when you are building a new world you don't need to worry about standards, do you? Makes me shudder to think what the clinical interfaces are like if they can't get a simple access log right!

Anonymous said...

Anonymous said "How could any health professional or health organisation have any confidence or trust in an audit trail like that?"

No one remotely involved with the health profession or a health organisation would have had anything to do with it.

Anonymous said...

1. Of course the system has IP address. But no, that isn't shared with the consumer.

2. The way that David is presenting that in his blog is quite different from what you see on the screen - it's formatted on screen. It's not the prettiest thing in the world, but it's an audit log, there's only so much you can do to make an audit log pretty.

I'd suggest people get a PCEHR record and go log on for themselves. http://www.ehealth.gov.au

Dr David More MB PhD FACHI said...

What you see on the screen is still utter rubbish for a consumer!

David.

Anonymous said...

"Even an IT incompetent couldn’t have accomplished anything so useless to the consumer."

Yes they can!
Does the below sound familiar?


http://www.ejfi.org/Voting/Voting-95.htm

http://www.davidicke.com/forum/showthread.php?t=113429

http://www.guardian.co.uk/society/2011/sep/22/nhs-it-project-abandoned

http://www.nytimes.com/2011/09/24/nyregion/bloombergs-computer-project-for-personnel-data-leads-to-waste.html?pagewanted=all

http://accentureischeatingonitsclients.blogspot.com.au/2009/12/three-ways-accenture-is-cheating-on-its.html

etc. etc.

Anonymous said...

I think the point is that the IP address would sit nicely amongst the rest of that code level information.

It is gibberish to most people as are the contents of that log, regardless of the formatting.

It is not a useable log and it does not follow any of the many standards available for that type of information.