EHRS-FM IG

ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.14.0 - CI Build

ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1 - Local Development build (v0.14.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Requirements: TI.2.1.2.9 User Permissions (Authorization) Security Audit Trigger (Function)

Active as of 2024-06-01
Statement N:

Manage Audit Trigger initiated to track user permissions (authorization).

Description I:

Capture user permissions (authorization), both routine and exceptional, including key metadata (who, what, when, where, why).

Criteria N:
TI.2.1.2.9#01 SHALL

The system SHALL audit each occurrence when user permissions (authorizations) are granted, removed or updated.

TI.2.1.2.9#02 SHALL

The system SHALL capture identity of the organization.

TI.2.1.2.9#03 conditional SHALL

IF known, THEN the system SHALL capture identity of the user.

TI.2.1.2.9#04 SHALL

The system SHALL capture identity of the system.

TI.2.1.2.9#05 SHALL

The system SHALL capture the event initiating audit trigger.

TI.2.1.2.9#06 SHALL

The system SHALL capture the date and time of the event initiating audit trigger.

TI.2.1.2.9#07 SHALL

The system SHALL capture identity of the location (i.e., network address).

TI.2.1.2.9#08 SHOULD

The system SHOULD capture the rationale for granting, removing or updating user permissions.

TI.2.1.2.9#09 SHALL

The system SHALL capture identity of user to whom permissions apply.

TI.2.1.2.9#10 SHALL

The system SHALL capture the new set of applicable user permissions (authorizations).