Implement Audit Services
HDR Auditing Services lets you log and monitor all HDR activities, to monitor security policy and regulation compliance-by recording actions taken by users during sessions. Such actions could include invoking an API, performing a custom function, or other defined events.
HDR Configuration Manager, a GUI tool, lets security administrators define auditing policies. Implementation of HDR Audit Services includes the following steps:
- Enabling HDR Audit Services
- Initializing existing audit event types
- Creating new audit event types
- Invoking HDR Audit Services
Prerequisites
- Implementing Enterprise Terminology Services
Procedures
The following chart provides an overview of the implementation process for Audit Services:
Figure 2-6 Implementation Process: Audit Services
To implement Audit Services, refer to the following procedure table:
| Task-Step | Description | Optional? |
|---|---|---|
|
3-1 |
Enabling Audit Services |
Yes |
|
3-2 |
Initializing Existing Audit Event Types |
Yes |
|
3-3 |
Creating New Audit Event Types |
Yes |
|
3-4 |
Invoking HDR Audit Services |
Yes |
Enabling Audit Services
HDR Audit Services can be enabled (turned on) or disabled (turned off) globally. When enabled, audit events of all seeded and user-defined audit event types can be audited. When disabled, Audit Services is not operative.
Auditing is turned on or off by setting the profile option CTB: Auditing ON to Y or N respectively. By default, CTB: Auditing ON is set to Y on install. Use the ProfileOptionService to update this value. The profile option service API to update this profile option is:
ProfileOptionService.setProfileOptionValue
Initializing Existing Audit Event Types
Audit event types can selectively be turned on or off. When both the global auditing flag and a particular audit event type are turned on, events of this particular type are audited by HDR Audit Service.
Following is the list of HDR audit event types is seeded for HDR use. By default, these event types are turned on.
-
CTB: Audit Receive Message
-
CTB: Audit Update OID
-
CTB: Audit Query on Personal Health Information
-
CTB: Audit Insert/Update of Personal Health Information
Creating New Audit Event Types
Applications developed on the HDR Platform can define business audit event types in addition to the seeded event types.
For example, an Admitting application might define an audit event type asAdmit Patient, and monitor events of this type.
Note:
Although HDR provides the mechanism to audit business events, it is your responsibility to implement the appropriate audit calls to log such events.To create a new audit event type, use ProfileOptionService.createProfileOption to create a new profile option with the new audit event type as the profile option code.
Invoking HDR Audit Services
After defining new audit event types, applications can log audit events of these types by calling the Audit Services interface.
Reference
Oracle Healthcare Data Repository Javadoc
Table 2-7 Service and Methods: Audit Services
|
Level |
Detail |
|
Package |
oracle.hsgbu.hdr.auditing |
|
Class |
AuditService |
|
Methods |
createEventLog |
Prerequisite
Creating New Audit Event Types
Responsibility
Any responsibility.
Navigation
This is an API-based implementation procedure.
Steps
-
Turn on HDR Audit Services and the audit event type.
-
Enabling Audit Services
-
Initializing Existing Audit Event Types
-
-
In the application code, call the createEventLog method with the new event type as the value of the EventType attribute. This can be found in Oracle Healthcare Data Repository Javadoc.