HDR Audit Services

The HDR Audit Service [AuditService] is a core HDR interface that lets you log and monitor HDR activities, to monitor security policy and regulation compliance—by recording actions taken during user sessions. Such event records can help detect actual or attempted violations of policy and operation procedures.

The AuditService.createEventLog method lets you record an audit event record in the table OHF_HDR_AU_ACCESS_LOG. You can use a reporting tool of your choice to generate auditing reports by querying this table for audit record details of a relevant event.

The EventLog value object has two attributes that are mandatory and validated; the rest are optional and not validated:

EventLog Value Object Attributes

Value Object

Attribute

Mandatory / Optional

Validated

EventLog

EventOutcome

Mandatory

Not Validated

EventLog

EventType

Mandatory

As a valid HDR profile option

When createEventLog is called, the following checks are made to determine whether to record an event or to ignore the request:

  1. If the CTB profile option CTB: Auditing On (CTB_AU_AUDIT_FLAG) is not set to Y, the audit event is not recorded.
  2. If the Break-The-Glass profile option is turned on and the CTB profile option CTB: Audit All When in Break-The-Glass (CTB_AU_ALL_WHEN_BTG) is not set to Y, the audit event is not recorded.
  3. If the attribute EventType of value object EventLog is a valid CTB profile option and the profile option is set to Y, the audit event is recorded.

Example 5-1 Create an Audit Event Record

The following code sample creates an audit event record:

AuditingHelper
auditHelper = new AuditingHelper();
AuditService = mServiceLocator.getAuditService();
EventLog eventLog = auditHelper.newEventLog();
 
// "MyEventType" is a valid CTB profile option
eventLog.setEventType("MyEventType");
// mEventOutcome is a valid membership code in the CTB_AU_EVENT_OUTCOME
conceptlisteventLog.setEventOutcome(mEventOutcome); 
 
DataTypeFactory dataTypeFac
= DataTypeFactory.getInstance(mServiceLocator);
II ii = dataTypeFac.newII(mUID), dataTypeFac.newST(mST);
SET_II iis = dataTypeFac.newSET_II(ii);
 
// finally
mAuditService.createEventLog(eventLog);

Initializing Existing Audit Event Types

Audit event types can selectively be turned on or off. When both the global auditing flag and a particular audit event type are turned on, events of this particular type are audited by HDR Audit Service.

Following is the list of HDR audit event types is seeded for HDR use. By default, these event types are turned on.

  1. CTB: Audit Receive Message
  2. CTB: Audit Resending of Message
  3. CTB: Audit Update OID
  4. CTB: Audit Skipping of Message
  5. CTB: Audit Generation of Message
  6. CTB: Audit Query on Personal Health Information
  7. CTB: Audit Insert/Update of Personal Health Information

Creating New Audit Event Types

Applications developed on the HDR Platform can define business audit event types in addition to the seeded event types.

For example, an Admitting application might define an audit event type asAdmit Patient, and monitor events of this type.

Note:

Although HDR provides the mechanism to audit business events, it is your responsibility to implement the appropriate audit calls to log such events.

To create a new audit event type, use ProfileOptionService.createProfileOption to create a new profile option with the new audit event type as the profile option code.

Invoking HDR Audit Services

After defining new audit event types, applications can log audit events of these types by calling the Audit Services interface.

Reference

Oracle Healthcare Data Repository Javadoc

Table 5-1 Service and Methods: Audit Services

Level

Detail

Package

oracle.hsgbu.hdr.auditing

Class

AuditService

Methods

createEventLog

Prerequisite

Creating New Audit Event Types

Login

This is an API-based implementation procedure.

Responsibility

Any responsibility.

Navigation

This is an API-based implementation procedure.

Steps

  1. Turn on HDR Audit Services and the audit event type.
    • Enabling Audit Services
    • Initializing Existing Audit Event Types
  2. In the application code, call the createEventLog method with the new event type as the value of the EventType attribute.
    See also:
    • Oracle Healthcare Data Repository Javadoc

Attribute Values in Audit Events

Every entry in the audit trail has the attributes listed by the attributes table included in oracle.hsgbu.hdr.auditing.EventLog. This can be found in the Oracle Healthcare Data Repository Javadoc.