USENIX HealthSec '12
Secure Logging and Auditing in Electronic Health Records Systems: What Can We Learn from the Payment Card Industry

Authors: Jason King and Laurie Williams, North Carolina State University

Abstract: 

Both health information technology (HIT) and the payment card industry (PCI) involve the exchange and management of sensitive, protected information, yet protected health information (PHI) is arguably more sensitive than PCI cardholder data. If cardholder data is breached in the PCI, payment card companies may remove fraudulent charges from the customer's account and/or issue the customer a new payment card. However, once a person's PHI has been breached, it has been breached forever: healthcare organizations cannot issue new health histories or new identities to affected individuals. Secure logging and auditing may deter users from performing unauthorized transactions with PHI, since an irrefutable trace of the user's activity is recorded. Logging and auditing also provide an accounting of PHI disclosures that assists data breach investigations.

Secure logging and auditing is one mechanism EHR systems should implement to promote security, user accountability, and trust. The objective of this paper is to raise awareness of issues around electronic health record logging and auditing mechanisms through a comparison with the Payment Card Industry Data Security Standard (PCI DSS). With the recent push to move all health records to electronic format, the healthcare industry needs to define better standards for secure logging and auditing in EHR systems.
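The "irrefutable trace" the abstract refers to depends on the audit log itself being tamper-evident: a log that an insider can silently edit or truncate deters nothing. The following is an added example, not code from the paper or from any EHR product, showing one common construction: each audit record carries an HMAC over its own content and the previous record's tag, so modifying, reordering or deleting an entry breaks the chain from that point on. The PHI access events, the key, and the field names are constructed for illustration.

```python
"""Tamper-evident (hash-chained, keyed) audit log for PHI access events.

Each record's tag = HMAC-SHA256(key, canonical(seq, event, prev_tag)).
An auditor holding the key can detect any in-place edit, reordering, or
deletion; deletion of the newest records is caught only if the latest
tag ("head") has been published or stored somewhere the log writer
cannot alter, which is why verify_chain() accepts an expected head.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

GENESIS_TAG = "0" * 64  # prev_tag for the very first record


@dataclass(frozen=True)
class Record:
    seq: int            # position in the log, starting at 0
    event: Dict         # the audit event (who, what, which patient, ...)
    tag: str            # hex HMAC-SHA256 chaining this record to the previous one


def canonical(seq: int, event: Dict, prev_tag: str) -> bytes:
    """Deterministic serialization so writer and verifier MAC identical bytes."""
    return json.dumps(
        {"seq": seq, "event": event, "prev": prev_tag},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")


def compute_tag(key: bytes, seq: int, event: Dict, prev_tag: str) -> str:
    return hmac.new(key, canonical(seq, event, prev_tag), hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only log; the key should be held by the audit service, not the app."""

    def __init__(self, key: bytes):
        self._key = key
        self._records: List[Record] = []

    def append(self, event: Dict) -> Record:
        seq = len(self._records)
        prev_tag = self._records[-1].tag if self._records else GENESIS_TAG
        rec = Record(seq, dict(event), compute_tag(self._key, seq, event, prev_tag))
        self._records.append(rec)
        return rec

    def records(self) -> List[Record]:
        return list(self._records)

    def head(self) -> str:
        """Latest tag; publish this out-of-band to make truncation detectable."""
        return self._records[-1].tag if self._records else GENESIS_TAG


def verify_chain(key: bytes, records: List[Record],
                 expected_head: Optional[str] = None) -> Optional[int]:
    """Return None if the chain is intact, otherwise the index of the first
    record that fails (len(records) when the tail has been truncated)."""
    prev_tag = GENESIS_TAG
    for i, rec in enumerate(records):
        if rec.seq != i:
            return i  # reordered or a record removed from the middle
        expected = compute_tag(key, rec.seq, rec.event, prev_tag)
        if not hmac.compare_digest(expected, rec.tag):
            return i  # content edited, or tag forged without the key
        prev_tag = rec.tag
    if expected_head is not None and not hmac.compare_digest(prev_tag, expected_head):
        return len(records)  # newest records deleted
    return None


# Constructed sample events (hypothetical users and patient identifiers).
SAMPLE_EVENTS = [
    {"user": "dr_alice", "action": "view", "patient": "P-1001", "ts": "2012-08-01T09:00:00Z"},
    {"user": "nurse_bob", "action": "update", "patient": "P-1002", "ts": "2012-08-01T09:05:00Z"},
    {"user": "dr_alice", "action": "export", "patient": "P-1001", "ts": "2012-08-01T09:07:00Z"},
]


def build_log(key: bytes) -> AuditLog:
    log = AuditLog(key)
    for ev in SAMPLE_EVENTS:
        log.append(ev)
    return log


def tamper_patient(records: List[Record], index: int, new_patient: str) -> List[Record]:
    """Simulate an insider rewriting one stored record without the MAC key."""
    edited = list(records)
    ev = dict(edited[index].event, patient=new_patient)
    edited[index] = Record(edited[index].seq, ev, edited[index].tag)
    return edited


if __name__ == "__main__":
    key = b"audit-service-secret"  # constructed; use a real KMS-held key in practice
    log = build_log(key)
    recs = log.records()
    print("intact:", verify_chain(key, recs, log.head()))
    print("edited record 1:", verify_chain(key, tamper_patient(recs, 1, "P-9999")))
    print("truncated tail:", verify_chain(key, recs[:-1], log.head()))
```

The key point for EHR deployments is separation of duties: the application that generates events must not hold the MAC key or be able to rewrite stored records, and the head tag should be anchored outside the writer's control (a separate audit service, write-once storage, or periodic publication), otherwise an administrator with database access can rewrite history and recompute a consistent chain.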
