Patient Records Journal

AngelTrack permanently records all reads and writes to HIPAA-protected patient data.

The journal is accessible to Administrators and Captains, under Settings.

HIPAA Requirement

AngelTrack's Patient Records Journal exists to satisfy the HIPAA requirement -- at §164.308(a)(1)(ii)(D) -- that all reads and writes of patient-identifying information must be logged, and that the log must be available for review. The journal shows who accessed the patient data, when they accessed it, whether their access was for read or for write, and whether AngelTrack honored the access request.

There is no way to modify or clear the Patient Records Journal. It will grow and grow forever.

You can view and sort the journal, filter by date range and patient name, and export the data to .CSV.

Why Are There Occasional Denials in the Log?

Normally AngelTrack prevents its users from even attempting an unjustified access to HIPAA data. Employees are not even offered the opportunity to click on something unless they are entitled to access it. However, there is one situation where an illegal access attempt can occur...

Suppose an employee (we'll call him Bob) opens AngelTrack in five different browser tabs. Later, Bob clicks "Logout" on one tab, and forgets about the other four tabs. Those four tabs are still showing data that Bob has permission to read.

Now suppose a different employee (call her Alice) then sits down at that same computer and logs in. Sooner or later she clicks on one of the four tabs that Bob left open. The tab is still showing Bob's data, but Alice doesn't realize it. She innocently clicks one of the links, attempting to view a patient that (unbeknownst to her) only Bob had access to.

That attempt -- that mouse click -- will be denied and the denial will be logged. You will see the denial in the journal... but keep in mind: such things usually happen by accident.

Using the Journal for Data Leak Forensics

If you experience a leak of HIPAA-protected data and need to trace it back to a specific employee, the Patient Records Journal is the starting place. The journal can list all the dates and times that a particular patient record was accessed, and by whom. Once you rule out the appropriate accesses by dispatchers, crew members, QA reviewers, and billers, any other accesses will be leads in your investigation.

To learn more, read the Data Leak Forensics Guide.
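
The triage described above, as an added example that is not AngelTrack's own code: it reads a journal .CSV export, keeps the rows for one patient, drops the employees already ruled out, and returns the remaining accesses as leads. The column names, timestamp format, and sample rows are assumptions constructed for illustration; adjust them to the header row of the real export.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. The column names and timestamp format are
# assumptions for this example, not AngelTrack's documented export layout.
SAMPLE_EXPORT = """Timestamp,Employee,Patient,Access,Result
2024-03-01 08:02:11,dispatcher.dan,"Doe, Jane",Write,Honored
2024-03-01 08:40:37,medic.mia,"Doe, Jane",Write,Honored
2024-03-02 10:15:00,biller.bea,"Doe, Jane",Read,Honored
2024-03-02 23:41:09,clerk.carl,"Doe, Jane",Read,Honored
2024-03-03 09:05:52,alice,"Doe, Jane",Read,Denied
2024-03-03 09:30:00,clerk.carl,"Roe, Rick",Read,Honored
"""

def find_leads(export_text, patient, expected_employees):
    """Return accesses to `patient` by anyone outside `expected_employees`.

    Honored accesses come first (data was actually shown or changed), then
    denials (often a stale-tab accident), each group in chronological order.
    """
    expected = {name.strip().lower() for name in expected_employees}
    leads = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Patient"].strip().lower() != patient.strip().lower():
            continue  # a different patient's record
        if row["Employee"].strip().lower() in expected:
            continue  # already ruled out as an appropriate access
        leads.append({
            "when": datetime.strptime(row["Timestamp"], "%Y-%m-%d %H:%M:%S"),
            "employee": row["Employee"].strip(),
            "access": row["Access"].strip(),
            "honored": row["Result"].strip().lower() == "honored",
        })
    # False sorts before True, so `not honored` puts honored accesses first.
    leads.sort(key=lambda lead: (not lead["honored"], lead["when"]))
    return leads

if __name__ == "__main__":
    ruled_out = ["dispatcher.dan", "medic.mia", "biller.bea"]
    for lead in find_leads(SAMPLE_EXPORT, "Doe, Jane", ruled_out):
        status = "honored" if lead["honored"] else "DENIED"
        print(lead["when"], lead["employee"], lead["access"], status)
```
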

