Creating an IHE ATNA-Based Audit Repository

Compliance with the Health Insurance Portability and Accountability Act (HIPAA) requires gathering audit information from picture archiving and communications systems (PACS) regarding evidence trails of human interactions. Until recently, most PACS users have had limited access to auditing information. Access required resources to handle manual inspection of audit logs, and access to proprietary databases was not always available. Some vendors now produce eXtensible Markup Language (XML) audit logs based on certain events occurring in PACS. However, it is up to the user to convert this information into an easily mined data repository supporting compliance and quality control. This process can be handled in multiple ways, which could mean different audit mechanisms depending on the PACS (or other hospital system) used. It is apparent that an organized method of dealing with audit information is needed. This help may be provided within the Integrating the Healthcare Environment (IHE) framework. The IHE initiative defines a set of profiles, actors, and transactions that create common scenarios for particular workflow processes. The Integration Profiles depict security as a fundamental requirement of the framework. Specifically, the Audit Trail and Node Authentication (ATNA) profile defines standards based mechanisms for securely transmitting and storing audit records in a central repository. The data structure defined by the profile provides a number of record types that capture different audit events. A general feasibility study for storing currently available PACS audit information following the profile is defined, and steps to an automated solution are discussed.