Resource Auditing

This feature monitors user access and user updates to protected health information (PHI) and personally identifiable information (PII) through the HTTP application programming interface (API). All HTTP resources that link a person to PHI and all resources that contain PII are monitored. Whenever a user or a client application retrieves one of these resources or issues an operation on one of these resources, the application will create an entry in a dedicated log file.

Design choices

  • This feature is limited to logging the HTTP API operations on monitored resources. It does not trigger events.

  • The set of monitored resources is limited to:

    • The person (including insurable entity and insurable person) resource and its detail resources

    • Any resource representing operational information, linked to an insurable entity or a family

  • Every log entry file has the following parts:

    • (1) Time stamp

    • (2) Thread

    • (3) Level

    • (4) Class

    • (5) Message

  • Part (5) provides a meaningful description of the event that triggered the entry in a key value pair:

Part

Key

Value Description

5.1

keyword

All messages start with the tag "ACCESS"

5.2

user

The login name of the user (specified as 'system' for internal system user)

5.3

resource

The name of the resource that was accessed

5.4

id

The technical ID of the resource that was accessed

5.5

relatedKey

The code of the relation, family or insurable object that is in context (if applicable)

5.6

relatedId

The technical ID of the relation or insurable entity resource that is in context (if applicable)

5.7

method

The operation (GET, PUT, POST, PATCH or DELETE) issued on the resource

The separate components of the logged message are key-value pair, comma (,) delimited to facilitate the usage of spreadsheet applications to import the log file.

Monitored Resources

The following resources are monitored in OHI Claims Adjudication:

  • persons

    • addresses

    • assignedproviders

    • bankaccountnumbers

    • eligibilitychecks

    • maritalstatuses

    • persontitles

    • relationidentifiers

  • insurableentities

    • insurablepersons

  • claims

    • claimlines

  • ctrclaims

    • ctrclaimlines

  • authorizations

  • limitcounters

    • limitconsumptions

  • providerlimitcounters

  • regimecounters

    • regimeconsumptions

  • adjudicationcases

  • episodes

  • policyproducts

  • policyfamilies

  • policywaitingperiodstartdates

The following resources are monitored in OHI Capitation:

  • persons

    • addresses

    • assignedproviders

    • bankaccountnumbers

    • contractalignments

    • persontitles

    • relationidentifiers

  • contract events

  • contract mutations

  • attributions

  • calculation results

The following resources are monitored in OHI Enterprise Policy Administration:

  • persons

    • addresses

    • assignedproviders

    • bankaccountnumbers

    • maritalstatuses

    • persontitles

    • relationidentifiers

  • insurableentities

    • insurablepersons

  • policies

    • policyholders

    • policy enrollments

    • policy bill receivers

  • policy accounts

    • policy account transactions

  • calculation results

Examples

The following sections contain a number of example log entries. Theses example entries do not show the thread, level and class parts of the log entry. Their position is represented by triple dots "…​".

Common Examples

Persons

persons

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=persons, id=456719800, relatedKey=MEM12345,identifierstype=12348690, method=GET}

Part (5.6) is not logged for persons, because it is identical to part (5.4).

addresses

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=addresses, id=656266336, relatedKey=MEM12345, relatedId=456719800, method=POST}

bankaccountnumbers

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=bankaccountnumbers, id=756266336, relatedKey=MEM12345, relatedId=456719800, method=DELETE}

persontitles

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=persontitles, id=356266336, relatedKey=MEM12345, relatedId=456719800, method=PATCH}

OHI Claims Adjudication Examples

Persons

maritalstatuses

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=maritalstatuses, id=456719800, relatedKey=MEM12345, relatedId=456719800, method=GET}

eligibilitychecks

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=eligibilitychecks, id=856266336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=eligibilitychecks, id=856266335, method=GET}

Insurable Entities

insurableentities

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=insurableentities, id=256266330, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=insurableentities, id=276266330, relatedKey=CAR12345, method=GET}

Part (5.6) is not logged for insurable entities that are objects, because it is identical to part (5.4).

insurablepersons

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=insurablepersons, id=2562663330, relatedKey=MEM12345, relatedId=456719800, method=GET}

Claims

claims

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=claims, id=256266331, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=claims, id=245239330, method=PUT}

claimlines

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=claimlines, id=256266332, relatedKey=MEM12345, relatedId=456719800, method=POST}

Note that if a claim line does not have a reference to an insurable entity, that information is picked up from the claim level.

ctrclaims

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=ctrclaims, id=256266331, relatedKey=MEM12345, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=ctrclaims, id=256266333, method=GET}

Part (5.6) is not logged for ctr claims, because ctr claims do not have references to insurable entities; the code of the serviced (insurable) entity is stored as an attribute on the ctr claim.

ctrclaimlines

2017/03/01 15:56:02; …​ ;{keyword=ACCESS, user=JONES, resource=ctrclaimlines, id=256266334, relatedKey=MEM12345, method=GET}

Note that if a ctr claim line does not have a specified serviced entity code, that information is picked up from the ctr claim level. Part (5.6) is not logged for ctr claim lines (same as for ctr claims).

Authorizations

authorizations

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=authorizations, id=256266335, relatedKey=MEM12345, relatedId=456719800, method=GET}

Counters

limitcounters

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=limitcounters, id=256266336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=limitcounters, id=245239337, relatedKey=FAM12345, method=GET}

limitconsumptions

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=limitconsumptions, id=256266338, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=limitconsumptions, id=256266339, method=GET}

providerlimitcounters

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=providerlimitcounters, id=256266346, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=providerlimitcounters, id=256266356, method=GET}

regimecounters

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=regimecounters, id=256266366, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=regimecounters, id=256266376, relatedKey=FAM12345, method=GET}

regimeconsumptions

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=regimeconsumptions, id=256266386, relatedKey=MEM12345, relatedId=456719800, method=GET}

Adjudication Cases

adjudicationcases

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=adjudicationcases, id=256266396, relatedKey=MEM12345, relatedId=456719800, method=GET}

Episodes

episodes

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=episodes, id=256266436, relatedKey=MEM12345, relatedId=456719800, method=GET}

Policy Products, Families and Waiting Period Start Dates

policyproducts

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policyproducts, id=256266536, relatedKey=MEM12345, relatedId=456719800, method=GET}

policyfamilies

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policyfamilies, id=256266636, relatedKey=MEM12345, relatedId=456719800, method=GET}

In part (5.5) the code of the relation or insurable object is logged instead of the code of the family.

policywaitingperiodstartdates

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policywaitingperiodstartdates, id=256266736, relatedKey=MEM12345, relatedId=456719800, method=GET}

OHI Capitation Examples

Persons

assignedproviders

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=assignedproviders, id=956266336, relatedKey=MEM12345, relatedId=456719800, method=GET}

contractalignments

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=contractalignments, id=458889800, relatedKey=MEM12345, relatedId=456719800, method=GET}

Change Events

contractevents

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=contractevents, id=956392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 17:58:34; …​ ; {keyword=ACCESS, user=JONES, resource=contractevents, id=956392337, method=GET}

contractmutations

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=contractmutations, id=946392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 17:58:34; …​ ; {keyword=ACCESS, user=JONES, resource=contractmutations, id=946392337, method=GET}

Calculations

attributions

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=attributions, id=888392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

calculationresults

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=calculationresults, id=317392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

OHI Enterprise Policy Administration Examples

Persons

maritalstatuses

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=maritalstatuses, id=456719800, relatedKey=MEM12345, relatedId=456719800, method=GET}

Policies

policies**

**2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policies, id=4567637291, relatedKey=MEM12345, relatedId=4567637291, method=GET}

Calculations

calculationresults

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=calculationresults, id=317392336, relatedKey=MEM12345, relatedId=456719800, method=GET}