The auditing functionality tracks user actions throughout all areas of the application and then stores the auditing information in a database. The auditing information contained in the database can be accessed to provide a detailed log of actions taken by users in the organization as they use the Care360 Labs & Meds, ePrescribing, EHR, and Care360 HD applications. The auditing of user actions provides answers to the following questions:
• When was patient information accessed?
• When was an action taken that relates to a patient (for example, renewing a prescription)?
• What action was taken?
• Who took the action or accessed the information?
• What patient was involved with the action?
The audit information is accessed by running an Audit report. The Audit report displays information on recently audited actions taken by users within an organization, as well as actions performed by the Care360 Labs & Meds, ePrescribing, EHR, and Care360 HD applications. For example, logging into the application produces an entry in the auditing database. The date and time this action occurred, the action taken (in this case logging in), username, and Event ID all display in the Audit report for this action.
User actions that are audited from the Care360 HD application are limited to the following areas:
• Changes to patient demographics.
• Viewing of clinical patient information in a patient’s chart.
• Retrieval of formulary information while writing prescriptions. This is also audited from Care360 Mobile®.
• Changes to patient encounter notes.
Note: For more information on the audit reporting feature, see Generating an Audit Report. |
The auditing of user actions is a requirement set forth by the American Recovery and Reinvestment Act (ARRA). Physicians must meet the Meaningful Use requirements defined in this act to receive incentives for using certified EHR applications like Care360 EHR, and must provide proof that they meet the minimum use requirements.
Certified auditing helps you to demonstrate Meaningful Use. Auditing also provides the following benefits:
• Enhanced security. The auditing features allow you to track what patient information users within the organization have recently accessed. This allows appropriate action to be taken against someone accessing data without approval.
• Legal protection. In the event a lawsuit is filed against a Physician by a patient, the audit records can be used to display what actions users within the organization took that involved the patient.
• Efficient troubleshooting. The audit record can be used to help a support technician retrace the steps that led to a problem. This allows the technician to troubleshoot the problem more efficiently and resolve it faster.
Some audited events generate an audit alert message. A user with administrator permissions for an organization selects specific users, from the organization preferences page, to receive the audit alert messages. When an audited event generates the alert message, all users configured by organization’s administrator receive a message in their messages Inbox that contains the following information:
• The date and time the audited event took place.
• A description of the audited event.
• The user name associated with the audited event.
• Patient information (if applicable) associated with the audit event.
• A disclaimer informing the user receiving the message that their organization’s administrator selected them to receive audit alert messages.
The following events trigger an audit alert message:
• Account disabled for excessive login failures. This audit alert is activated when a user attempts to login to Care360 Labs & Meds, ePrescribing, or EHR and locks their account because of multiple failed login attempts.
• Patient consent override. This audit alert is activated when a user selects the option to override the consent preference of a patient who does not want their clinical data shared. A patient consent override typically occurs in emergency situations when the patient is not capable of giving permission to share patient health information with another organization.
The following table displays, from a high level perspective, the areas of Care360 Labs & Meds, ePrescribing, and EHR that are audited. The table also provides examples of audited actions a user may execute when using the Care360 Labs & Meds, ePrescribing, and EHR applications and whether or not you can view changed data for audited actions.
Audited Area |
Examples of Actions |
Can you view changed data? |
Allergies/Adverse reactions |
View, add, edit, or print allergies/adverse reactions. |
Yes |
Audit log |
View or print an audit log report. Failed attempt to delete audit log report. Failed attempt to modify audit log report. |
No |
Billing |
Exchange billing details for encounters with affiliated PMSs, save billing details as complete, or modify your organization’s billing template. |
No |
Care Recommendations |
View, dismiss, hide, and restore care recommendations. |
No |
Chief complaint (CC) and history of present illness (HPI) |
Add, edit, or copy the chief complaint and/or history of present illness in an encounter note. |
Yes |
Cognitive and Functional Status |
Add, edit, or copy cognitive status or functional status in an encounter note.
|
Yes |
Diagnosis |
Add, edit, or copy a diagnosis in an encounter note. Copy a diagnosis to the problems list. Submit a reportable condition to the CDC. |
Yes |
Diagnostics |
View, add or update a diagnostics report. Add, update, or remove an associated image, diagnostic description, or document type for a diagnostics report. |
Yes |
Document upload |
Save an uploaded document to a patient’s summary. |
No |
Documented patient visits |
Create a documented patient visit. Mark a documented patient visit as erroneous. |
No |
Drug Formulary |
Successfully queried and returned during the prescription writing process. |
No |
Electronic Prescribing for Controlled Substances (EPCS) |
Nominate a prescriber as a registrant. Remove a prescriber’s nomination. Assign Approver or Administrator roles. Remove Approver or Administrator roles. Agree to take on Administrator role. Give final approval of registrant. Failed entry of Care360 ePrescribing or EHR password or OTP when approving registrant. Temporarily suspend EPCS prescriber. Reinstate EPCS prescriber. Permanently revoke EPCS prescriber. Failed entry of Care360 ePrescribing or EHR password or OTP when permanently revoking EPCS prescriber. Enable/disable Allow controlled substances to be electronically prescribed organization preference. Write, edit, sign, deny, renew, electronically transmit, or print prescriptions for controlled substances. A prescription for a controlled substance is ready to be signed. Failed entry of Care360 ePrescribing or EHR password or OTP when signing a prescription for a controlled substance. Delete a renewal for a controlled substance. Delete a prescription pending approval for a controlled substance. Delete an approved prescription for a controlled substance. Failure of an electronic prescription or renewal transmission. View or print a failed electronic prescription. View or print a printed failed electronic prescription. Delete a failed electronic prescription. View or create a Controlled Substances Prescribed report. View a Monthly Controlled Substances Prescribed report. View a Controlled Substances Daily Event log. |
No |
Electronic Prior Authorization Requests |
Click the link to submit a prior authorization request. Cancel a prior authorization request by deleting a medication. |
No |
Encounter Note |
View, start, edit, copy, finalize, sign, mark erroneous, print, or add an addendum to an encounter note. View, copy, or edit the date of service, encounter type, location, template, authoring provider, or responsible provider. Select or clear the Urgent/Emergent Situation check box, Patient Declines Summary check box, Pregnancy Record, or the Pt. Education Material Provided check box. Click the Clinical Education link. Add, edit, or copy Subjective, Objective, Assessment, or Plan text. Add, edit or copy Assessments or Interventions. Add or edit the list of lab results in an encounter note. |
Yes |
Export Data |
Export a CCD, CCR, or CCDA. Export a flowsheet. |
No |
Faxes |
Send, print, view, delete, or remove a fax. Override patient consent when faxing clinical data. |
No |
History |
View, manage, or print past medical, surgical, social, family, pregnancy, or menstrual history. Copy history into a new note. |
Yes |
Implantable Devices |
Add or edit an implantable device. |
Y |
Import Data |
Receive Claims History or Pharmacy History data from SureScripts. |
No |
Labs |
Write, record, edit, finalize, place on hold, print, or cancel a lab order. Add, view, update, delete, print, annotate, or mark a lab report as reviewed. Lab result removed from New Results list (manually or automatically). Lab result added, updated, or removed from an encounter note. |
Yes |
Medications, |
View, add, edit (including activate and deactivate), reconcile, or print: • Reported medications • Administered medications • Vaccinations Write, edit (including active and deactivate), approve, deny, renew, save as pending, or print prescriptions for medications or supplies. Create, sign, or transmit prescriptions for a controlled substance. A prescription for a controlled substance is ready to be signed. Delete a renewal for a controlled substance. Delete an approved prescription for a controlled substance. Failure of an electronic prescription transmission Record or edit a documented medication. |
Yes |
Messages |
View, send, update, delete, print a message or Direct message. Override patient consent when messaging clinical data. Save a message or Direct message to a patient chart. Accept or decline the End User Agreement for Direct messaging. Create an organization domain name for Direct Exchange. Submit the Direct Exchange enrollment form. Create a Direct Exchange address for sending/receiving Direct messages. Create a Direct Messaging address for sending/receiving Direct messages. |
No |
Patient Demographics |
View, add, edit or remove patient information (name, birth date, sex, marital status, mother’s maiden name, and Social Security Number), ethnicity, race, language, and administrative details (primary provider, PID, health ID, retrieval of external medical history, consent, and payer type), patient’s preferred pharmacies, contact information (address, phone, email and contact preference), contacts, or care team information for a patient. Change a patient’s status (active, inactive, or deceased). |
Yes |
Patient (General) |
Add a patient. Override a patient’s consent. Search for a patient. View a patient’s summary page. Merge patients. |
No |
Patient Portal |
Send an invitation for a patient or authorized representative. Remove a Patient Portal link. Acknowledge the Minors Patient Portal Notification message for patients 18 years and older. Acknowledge the Minors Patient Portal Notification message for patients 13 to 17 years old. |
No |
Pregnancy Record |
Add or edit pregnancy flowsheet details, OB lab tests, or OB patient education in an encounter note. |
Yes |
Physical Exam (PE) |
Add, edit, or copy the physical exam information in an encounter note. |
Yes |
Plan of Care |
Add, edit, or copy plan text, a goal or goal instruction, clinical instructions, future scheduled appointments, provided educational materials (decision aids), or patient health concerns in an encounter note. |
Yes |
|
Print a face sheet, demographics, lab report, clinical document, fax, message, radiology order, patient note, diagnostic result, growth chart, audit log, informatics report, billing details, billing report, billing reconciliation report, OB data report, lab order, or public health report. |
No |
Problems |
View, add, edit, or print problems. Submit a reportable condition to the CDC. |
Yes |
Procedures |
Add, edit, or copy a procedure in an encounter note. Copy a procedure to the past medical or surgical history list. |
Yes |
Radiology |
Write, record, edit, or finalize a radiology order. Add or update a radiology report. Add, update, or remove an associated image, diagnostic description, or document type for a radiology report. |
Yes |
Reason for Visit |
Add, edit, or copy a reason for visit in an encounter note. |
Yes |
Referrals |
Add, edit, or remove a reason for referral or referring provider/organization in an encounter note. |
Yes |
Review of Systems |
Add, edit, or copy review of system information in an encounter note. |
Yes |
Risk Evaluation |
Add or edit risk evaluation information in an encounter note. |
Yes |
Radiology |
View, write, record, edit, finalize, print, and cancel a radiology order. View or print radiology results. |
No |
Reports |
Search for lab results on the Find Lab Results page. Run an Informatics Query report. Run an Rx Transactions report. Run a Usage Metrics report. Request a Meaningful Use EHR Use Metrics report. Request a Meaningful Use Quality Measures report. Request Meaningful Use file export. Run a Billing Reconciliation report. |
No |
Tasks |
View, add, or update a general, patient contact reminder, order, or amendment task. |
No |
Templates |
Create, edit or delete section, encounter, or billing templates. |
No |
Textual Results and Transcribed Documents |
Edit the document type of an electronically received textual result or transcribed document. Add or edit additional comments received on a transcribed encounter note. |
No |
User (General) |
Care360 Labs & Meds, ePrescribing or EHR login (success or failure) and logout. Third-party application (SSO) login and logout. Access an organization. Session timeout. Reset or change password. Add or remove challenge answer. Account disabled for excessive login attempts. |
No |
User Management |
Add, edit, deactivate, and reactivate a user. Add or remove a user role (Clinical Lab Staff, Clinical Office Staff, Clinician, Delegated Admin, Phlembotomist, Provider, and QAP ACO Admin). Reset or change a user’s password. Add or remove a user from an organization. |
No Yes
No No |
Vitals |
View, add, or edit length/height, weight, temperature, blood pressure, pulse, respiration, or 02 saturation. |
Yes |
CPT ® copyright 2016 American Medical Association. Applicable FARS/DFARS Restrictions Apply to Government Use. |