Retrieval Auditing
The objective of retrieval auditing is to monitor and store which user retrieved certain information, at which time, via the Claims[1] user interface. To support this objective Claims monitors the retrieval of claims, authorizations and person information.
PHI / PII access in the Jet User Interface is logged via Resource Auditing.
System property ohi.logging.target
determines where the system stores audit
messages. Possible values:
-
log: PHI access is logged using any configured Logback Appender for which the PHI filter is applied. An example of such a Logback Appender is the RollingFileAppender.
-
database: audit messages for PHI access are persisted in the database as part of the ADF UI request and can be accessed via the
generic/logphievents
resource.
This chapter does not cover what happens to the claim, authorization or person after it has been accessed, that is, who changed the claim or what was changed on the claim.
The "View Authorizations" page displays authorizations that are imported through the authorization integration point. The nature of the information shown on this page is identical to the information shown on a claims page. For this reason, the View Authorization page is monitored as well.
Design Choices
-
Claims monitors access for claims, authorizations and persons and families only; any page that shows claims, authorizations or person (family) information is monitored.
-
Claims, authorization, person and family access is written to the (same) security log file by default.
-
Monitoring is restricted to logging access. Actions that are performed on the accessed records are not logged using the mechanism described in this chapter.
-
Access to a claim, an authorization, a person or a family is logged when:
-
a page opens in context of a specific claim, authorization, person or family;
-
the page is refreshed (such as after a save or submit).
-
-
Claims does not log the search criteria that pulled up the claim, authorization, person or family, that is, it logs the search results.
An ADF UI audit log entry has the following parts:
Key | Value Description |
---|---|
Time stamp |
When was PHI data accessed |
keyword |
All messages start with the tag "RETRIEVAL"
(not shown in the |
user |
The login name of the user that accessed PHI data |
function code |
Code of the user interface page that was used to access PHI data |
function name |
Name of the user interface page that was used to access PHI data |
entity |
The entity type that was accessed, for example, claim (CLAI), authorization (AUTH), relation (PERS) or (FMLY) |
relatedKey |
The claim code, authorization code, person code or family code |
Monitored Pages
The following user interface pages could serve as a first point of entry for claims or authorizations:
-
CL0027 Search Claims
-
CL0121 Search Claim Lines
-
CL0029 Manual Pricing
-
CL0115 Manual Pricing Adjudication
-
CL0030 Manual Benefits
-
CL0031 Manual Adjudication
-
CL0028 View Claim
-
CL0022 View Authorizations
-
CL0139 Enter Claim
-
CL0012 Change Claim
-
CL0050 View Claim Transaction
-
CL0053 Adjudication Limit Counters
-
CL0085 Provider Limit Counters
-
CL0054 View Regime Counters
-
CL0055 Adjudication Cases
-
CL0145 Episodes
-
RM0014 Relations
-
RM0012 Persons
The following sections show sample log entries. The samples assume the value for
system property ohi.logging.target
is log
, and a Logback file appender is
configured.
Technical details like thread, level and class parts of the log entry are omitted
and replaced by "…".
Search Claims
Whenever the user executes a search in the Search Claims page, Claims logs which claims have been retrieved. Note that the Search Claims page can display multiple claims as the result of a single search, that is, a single query can result in multiple log entries.
The following events will trigger one or more log entries in this page:
-
Executing a search
Consider the scenario where a user with log in name JONES executes a search that returns four claims. The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS, entity=CLAI, relatedKey=12314} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS, entity=CLAI, relatedKey=14532} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS, entity=CLAI, relatedKey=45221} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS, entity=CLAI, relatedKey=45677}
Search Claim Lines
Whenever the user executes a search in the Search Claim Lines page, Claims logs which claims have been retrieved. Note that the Search Claim Lines page can display multiple claim lines as the result of a single search, that is, a single query can result in multiple log entries.
The following events will trigger one or more log entries in this page:
-
Executing a search
Consider the scenario where a user with log in name JONES executes a search that returns four claim lines of which two claim lines are within the same claim. The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM LINES, entity=CLAI, relatedKey=12314} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM LINES, entity=CLAI, relatedKey=12314} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM LINES, entity=CLAI, relatedKey=45221} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM LINES, entity=CLAI, relatedKey=45677}
Manual Pricing
This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Pricing page.
The following events will trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING AND BENEFITS, entity=CLAI, relatedKey=12314}
Manual Pricing Adjudication
This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Pricing Adjudication page.
The following events will trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING ADJUDICATION, entity=CLAI, relatedKey=12314}
Manual Benefits
This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Benefits page.
The following events will trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0030, functionName=MANUAL PRICING AND BENEFITS, entity=CLAI, relatedKey=12314}
Manual Adjudication
This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Adjudication page.
The following events will trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL ADJUDICATION, entity=CLAI, relatedKey=12314}
Enter Claim
This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Enter Claim page.
The following events will trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0139, functionName=ENTER CLAIM, entity=CLAI, relatedKey=12314}
Change Claim
This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Change Claim page.
The following events will trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0012, functionName=CHANGE CLAIM, entity=CLAI, relatedKey=12314}
Un-finalize Claim
Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the View Claim page.
The following events trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0032, functionName=UNFINALIZE CLAIM, entity=CLAI, relatedKey=12314}
View Claim
This page can be directly opened in the context of a specific claim through deep links provided in the reporting view layer. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the View Claim page.
The following events trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 .... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=VIEW CLAIM, entity=CLAI, relatedKey=12314}
View Claim Transaction
This page can be directly opened in the context of a specific claim through deep links provided in the reporting view layer. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the View Claim Transaction page.
The following events trigger a log entry in this page:
-
Opening the page
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0050, functionName=VIEW CLAIM TRANSACTION, entity=CLAI, relatedKey=12314}
View Authorizations
Whenever the user executes a search in the View Authorizations page, Claims logs which authorizations have been retrieved. Note that the View Authorizations page can display multiple authorizations as a result of a single search, that is, more than one log lines can be written to the log as part of a single query.
Consider the scenario where a user with log in name JONES executes a search that returns three authorizations. The following information is logged:
2010/03/01 13:21:45 ...{keyword=RETRIEVAL, user=JONES, functionCode=CL0022, functionName=VIEW AUTHORIZATIONS, entity=AUTH, relatedKey=67432} 2010/03/01 13:21:45 ...{keyword=RETRIEVAL, user=JONES, functionCode=CL0022, functionName=VIEW AUTHORIZATIONS, entity=AUTH, relatedKey=67412} 2010/03/01 13:21:45 ...{keyword=RETRIEVAL, user=JONES, functionCode=CL0022, functionName=VIEW AUTHORIZATIONS, entity=AUTH, relatedKey=67211}
Adjudication Limit Counters
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the adjudication limit counters page and executes a search to see the limits for a single person.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0053, functionName=ADJUDICATION LIMIT COUNTERS, entity=PERS, relatedKey=MEM00231}
Provider Limit Counters
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the provider limit counters page and executes a search to see the limits for a single person.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0085, functionName=PROVIDER LIMIT COUNTERS, entity=PERS, relatedKey=MEM00231} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0085, functionName=PROVIDER LIMIT COUNTERS, entity=PERS, relatedKey=MEM00123}
Note that the retrieval of provider limit counters that don’t have a reference to an insurable entity (so that count across insurable entities) is logged without the qualifier (PERS) and insurable entity code.
View Regime Counters
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the view regime counters page and executes a search to see the regime counters for a single person.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0054, functionName=VIEW REGIME COUNTERS, entity=PERS, relatedKey=MEM00231} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0054, functionName=VIEW REGIME COUNTERS, entity=FMLY, relatedKey=5634563}
Adjudication Cases
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the adjudication cases page and executes a search to see the cases for a single person.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0055, functionName=ADJUDICATION CASES, entity=PERS, relatedKey=MEM00231}
Episodes
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the episodes page and executes a search to see the episodes for a single person.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL00145, functionName=EPISODES, entity=PERS, relatedKey=MEM00231}
Relations
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. This page may display a mix of organization and person records. Only the retrieval of the person records is monitored. Consider the scenario where a user with log in name JONES accesses the relations page and executes a search that returns three relations.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM00231} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM03213}
Persons
This page can be opened by navigating the user interface as well as through deep links used for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the persons page and executes a search that returns three persons.
The following events trigger a log entry in this page:
-
Submitting a search
-
Refreshing the page
The following information is logged:
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM00231} 2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM03213}
Scenario 1
To give an impression of what and when something is written to the log file in the common event that a user queries a claim to apply manual benefits, consider the following scenario. Note that the examples of the log display the cumulative entries, to give an impression how the log is extended with each entry.
User JONES opens the Search Claim page. He executes a search that returns 2 claims. Once the 2 search results are retrieved and displayed, the following lines are logged:
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=12314} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14532}
User JONES selects one of the search results (claim 14532) and opens the Manual Pricing and Benefits page for that claim. A new entry is logged:
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=12314} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14532} 2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING AND BENEFITS, entity=CLAI, relatedKey=14532}
User JONES changes the coverages and submits the claim for further processing. Submitting the claim closes the Manual Pricing and Benefits page and opens up the View Claim page for the same claim. A new entry is logged:
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=12314} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14532} 2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING AND BENEFITS, entity=CLAI, relatedKey=14532} 2010/08/07 11:10:53 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM, entity=CLAI, relatedKey=14532}
When the View Claim page opens, the status of the claim is still ADJUDICATION DONE. User JONES wants to make sure that the claim reaches the status FINALIZED without requiring any further intervention. To that end, user JONES refreshes the View Claim page after waiting for a couple of seconds. The refresh triggers a new entry:
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=12314} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14532} 2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING AND BENEFITS, entity=CLAI, relatedKey=14532} 2010/08/07 11:10:53 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM, entity=CLAI, relatedKey=14532} 2010/08/07 11:11:05 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM, entity=CLAI, relatedKey=14532}
The refreshed page shows that the claim is now FINALIZED, so user JONES closes the View Page.
Scenario 2
It is possible that two different users access claims. In the event that both users retrieve multiple claims with a single query, the log line entries may be interlaced. There is no guarantee that line entries that originate from the same query are always subsequent.
User JONES and user SMITH both execute a query in the Search Claim page at exactly the same time. Bot queries return three claims. The log could be appended as follows:
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=12314] 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14432} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=15314} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=17784} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=17632} 2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14532}