Need help? Chat now
Cart (0)
Search book title
Enter keywords for book title search
Search book content
Enter keywords for book content search
 Admin Code
 CADD File
 City Code
 Comprehensive Plan
 Conference Paper
 County Code
 DHS Documents
 Executive Regulation
 Federal Guideline
 Firm Content
 Land Use and Development
 Legislative Rule
 Local Amendment
 Local Code
 Local Document
 Local Regulation
 Local Standards
 Model Code
 Model Standard
 Rules & Regulations
 State Amendment
 State Code
 State Manual
 State Plan
 State Standards
 Study Guide
 Technical Bulletin
  • ASTM
    E2147-01(2009) Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems
    Edition: 2009
    Unlimited Users - 1 Loc per year

Description of ASTM-E2147 2009

ASTM E2147-01(2009)

Historical Standard: ASTM E2147-01(2009) Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems

SUPERSEDED (see Active link, below)

ASTM E2147

1. Scope

1.1 This specification is for the development and implementation of security audit/disclosure logs for health information. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of health information to external users for use in manual and computer systems. The process of information disclosure and auditing should conform, where relevant, with the Privacy Act of 1974 (1) .

1.2 The first purpose of this specification is to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight. In concert with organizational confidentiality and security policies and procedures, permanent audit logs can clearly identify all system application users who access patient identifiable information, record the nature of the patient information accessed, and maintain a permanent record of actions taken by the user. By providing a precise method for an organization to monitor and review who has accessed patient data, audit logs have the potential for more effective security oversight than traditional paper record environments. This specification will identify functionality needed for audit log management, the data to be recorded, and the use of audit logs as security and management tools by organizational managers.

1.3 In the absence of computerized logs, audit log principles can be implemented manually in the paper patient record environment with respect to permanently monitoring paper patient record access. Where the paper patient record and the computer-based patient record coexist in parallel, security oversight and access management should address both environments.

1.4 The second purpose of this specification is to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it. Security management of health information requires a comprehensive framework that incorporates mandates and criteria for disclosing patient health information found in federal and state laws, rules and regulations and ethical statements of professional conduct. Accountability for such a framework should be established through a set of standard principles that are applicable to all health care settings and health information systems.

1.5 Logs used to audit and oversee health information access and disclosure are the responsibility of each health care organization, data intermediary, data warehouse, clinical data repository, third party payer, agency, organization or corporation that maintains or provides, or has access to individually-identifiable data. Such logs are specified in and support policy on information access monitoring and are tied to disciplinary sanctions that satisfy legal, regulatory, accreditation and institutional mandates.

1.6 Organizations need to prescribe access requirements for aggregate data and to approve query tools that allow auditing capability, or design data repositories that limit inclusion of data that provide potential keys to identifiable data. Inferencing patient identifiable data through analysis of aggregate data that contains limited identifying data elements such as birth date, birth location, and family name, is possible using software that matches data elements across data bases. This allows a consistent approach to linking records into longitudinal cases for research purposes. Audit trails can be designed to work with applications which use these techniques if the query functions are part of a defined retrieval application but often standard query tools are not easily audited. This specification applies to the disclosure or transfer of health information (records) individually or in batches.

1.7 This specification responds to the need for a standard addressing privacy and confidentiality as noted in Public Law 104 191 (2) , or the Health Insurance Portability and Accountability Act of 1996 (3) .

2. Referenced Documents (purchase separately) The documents listed below are referenced within the subject standard but are not provided as part of the standard.

ASTM Standards

E1384 Practice for Content and Structure of the Electronic Health Record (EHR)

E1633 Specification for Coded Values Used in the Electronic Health Record

E1762 Guide for Electronic Authentication of Health Care Information

E1869 Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records

E1902 Specification for Management of the Confidentiality and Security of Dictation, Transcription, and Transcribed Health Records

E1986 Guide for Information Access Privileges to Health Information

Other Health Informatics Standards

ANSI ASC X12 Version 3, Release 3 Available from American National Standards Institute (ANSI), 25 W. 43rd St., 4th Floor, New York, NY 10036, Health Level Seven ( Version 2.2 Available from HL7, Mark McDougall, Executive Director, 900 Victors Way, Suite 122, Ann Arbor, MI 48108. ISO/TEC 15408


audit; disclosure logs; health information systems;

ICS Code

ICS Number Code 35.240.80 (IT applications in health care technology)

DOI: 10.1520/E2147-01R09

ASTM International is a member of CrossRef.

This book also exists in the following packages...

Year Publisher Title Annual Price
[+] $2,028.00 Buy
[+] $722.00 Buy
[+] $3,070.00 Buy
[+] $866.00 Buy

Subscription Information ASTM Standards subscriptions are annual and access is unlimited concurrency based (number of people that can access the subscription at any given time) from single office location. For pricing on multiple office location ASTM Standards Subscriptions, please contact us at or +1 800.798.9296.


Some features of ASTM Standards Subscriptions are:

- Online access: With’ s web based subscription service no downloads or installations are required. Access ASTM Standards from any browser on your computer, tablet or smart phone.

- Immediate Access: As soon as the transaction is completed, your ASTM Standards Subscription will be ready for access.


For any further information on ASTM Standards Subscriptions, please contact us at or +1 800.798.9296.


About ASTM

ASTM International, formerly known as the American Society for Testing and Materials (ASTM), is a globally recognized leader in the development and delivery of international voluntary consensus standards. Today, some 12,000 ASTM standards are used around the world to improve product quality, enhance safety, facilitate market access and trade, and build consumer confidence. ASTM’s leadership in international standards development is driven by the contributions of its members: more than 30,000 of the world’s top technical experts and business professionals representing 150 countries. Working in an open and transparent process and using ASTM’s advanced electronic infrastructure, ASTM members deliver the test methods, specifications, guides, and practices that support industries and governments worldwide.