Retrieval Auditing

The objective of retrieval auditing is to monitor and store which user retrieved certain information, at which time, via the Claims[1] user interface. To support this objective Claims monitors the retrieval of claims, authorizations and person information.

PHI / PII access in the Jet User Interface is logged via Resource Auditing.

System property ohi.logging.target determines where the system stores audit messages. Possible values:

  • log: PHI access is logged using any configured Logback Appender for which the PHI filter is applied. An example of such a Logback Appender is the RollingFileAppender.

  • database: audit messages for PHI access are persisted in the database as part of the ADF UI request and can be accessed via the generic/logphievents resource.

This chapter does not cover what happens to the claim, authorization or person after it has been accessed, that is, who changed the claim or what was changed on the claim.

The "View Authorizations" page displays authorizations that are imported through the authorization integration point. The nature of the information shown on this page is identical to the information shown on a claims page. For this reason, the View Authorization page is monitored as well.

Design Choices

  • Claims monitors access for claims, authorizations and persons and families only; any page that shows claims, authorizations or person (family) information is monitored.

  • Claims, authorization, person and family access is written to the (same) security log file by default.

  • Monitoring is restricted to logging access. Actions that are performed on the accessed records are not logged using the mechanism described in this chapter.

  • Access to a claim, an authorization, a person or a family is logged when:

    • a page opens in context of a specific claim, authorization, person or family;

    • the page is refreshed (such as after a save or submit).

  • Claims does not log the search criteria that pulled up the claim, authorization, person or family, that is, it logs the search results.

An ADF UI audit log entry has the following parts:

Table 1. Design Choices

Key Value        Description
Time stamp       When was PHI data accessed
keyword          All messages start with the tag "RETRIEVAL" (not shown in the generic/logphievents payload)
user             The login name of the user that accessed PHI data
function code    Code of the user interface page that was used to access PHI data
function name    Name of the user interface page that was used to access PHI data
entity           The entity type that was accessed, for example, claim (CLAI), authorization (AUTH), relation (PERS) or (FMLY)
relatedKey       The claim code, authorization code, person code or family code

Monitored Pages

The following user interface pages could serve as a first point of entry for claims or authorizations:

  • CL0027 Search Claims

  • CL0121 Search Claim Lines

  • CL0029 Manual Pricing

  • CL0115 Manual Pricing Adjudication

  • CL0030 Manual Benefits

  • CL0031 Manual Adjudication

  • CL0028 View Claim

  • CL0022 View Authorizations

  • CL0139 Enter Claim

  • CL0012 Change Claim

  • CL0050 View Claim Transaction

  • CL0053 Adjudication Limit Counters

  • CL0085 Provider Limit Counters

  • CL0054 View Regime Counters

  • CL0055 Adjudication Cases

  • CL0145 Episodes

  • RM0014 Relations

  • RM0012 Persons

The following sections show sample log entries. The samples assume the value for system property ohi.logging.target is log, and a Logback file appender is configured. Technical details like thread, level and class parts of the log entry are omitted and replaced by "...".

Search Claims

Whenever the user executes a search in the Search Claims page, Claims logs which claims have been retrieved. Note that the Search Claims page can display multiple claims as the result of a single search, that is, a single query can result in multiple log entries.

The following events will trigger one or more log entries in this page:

  • Executing a search

Consider the scenario where a user with log in name JONES executes a search that returns four claims. The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS,
entity=CLAI, relatedKey=12314}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS,
entity=CLAI, relatedKey=14532}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS,
entity=CLAI, relatedKey=45221}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIMS,
entity=CLAI, relatedKey=45677}

Search Claim Lines

Whenever the user executes a search in the Search Claim Lines page, Claims logs which claims have been retrieved. Note that the Search Claim Lines page can display multiple claim lines as the result of a single search, that is, a single query can result in multiple log entries.

The following events will trigger one or more log entries in this page:

  • Executing a search

Consider the scenario where a user with log in name JONES executes a search that returns four claim lines of which two claim lines are within the same claim. The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM
LINES, entity=CLAI, relatedKey=12314}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM
LINES, entity=CLAI, relatedKey=12314}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM
LINES, entity=CLAI, relatedKey=45221}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0121, functionName=SEARCH CLAIM
LINES, entity=CLAI, relatedKey=45677}

Manual Pricing

This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Pricing page.

The following events will trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING
AND BENEFITS, entity=CLAI, relatedKey=12314}

Manual Pricing Adjudication

This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Pricing Adjudication page.

The following events will trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING
ADJUDICATION, entity=CLAI, relatedKey=12314}

Manual Benefits

This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Benefits page.

The following events will trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0030, functionName=MANUAL PRICING
AND BENEFITS, entity=CLAI, relatedKey=12314}

Manual Adjudication

This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Manual Adjudication page.

The following events will trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL
ADJUDICATION, entity=CLAI, relatedKey=12314}

Enter Claim

This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Enter Claim page.

The following events will trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0139, functionName=ENTER CLAIM,
entity=CLAI, relatedKey=12314}

Change Claim

This page can be directly opened in the context of a specific claim by using the URL provided in the work flow integration point notification. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the Change Claim page.

The following events will trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0012, functionName=CHANGE CLAIM,
entity=CLAI, relatedKey=12314}

Un-finalize Claim

Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the View Claim page.

The following events trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0032, functionName=UNFINALIZE CLAIM,
entity=CLAI, relatedKey=12314}

View Claim

This page can be directly opened in the context of a specific claim through deep links provided in the reporting view layer. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the View Claim page.

The following events trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 .... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=VIEW CLAIM,
entity=CLAI, relatedKey=12314}

View Claim Transaction

This page can be directly opened in the context of a specific claim through deep links provided in the reporting view layer. Consider the scenario where a user with log in name JONES accesses claim 12314 through a URL that opens up the View Claim Transaction page.

The following events trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0050, functionName=VIEW CLAIM
TRANSACTION, entity=CLAI, relatedKey=12314}

View Authorizations

Whenever the user executes a search in the View Authorizations page, Claims logs which authorizations have been retrieved. Note that the View Authorizations page can display multiple authorizations as a result of a single search, that is, more than one log line can be written to the log as part of a single query.

Consider the scenario where a user with log in name JONES executes a search that returns three authorizations. The following information is logged:

2010/03/01 13:21:45 ...{keyword=RETRIEVAL, user=JONES, functionCode=CL0022, functionName=VIEW AUTHORIZATIONS,
entity=AUTH, relatedKey=67432}
2010/03/01 13:21:45 ...{keyword=RETRIEVAL, user=JONES, functionCode=CL0022, functionName=VIEW AUTHORIZATIONS,
entity=AUTH, relatedKey=67412}
2010/03/01 13:21:45 ...{keyword=RETRIEVAL, user=JONES, functionCode=CL0022, functionName=VIEW AUTHORIZATIONS,
entity=AUTH, relatedKey=67211}

Adjudication Limit Counters

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the adjudication limit counters page and executes a search to see the limits for a single person.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0053, functionName=ADJUDICATION
LIMIT COUNTERS, entity=PERS, relatedKey=MEM00231}

Provider Limit Counters

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the provider limit counters page and executes a search to see the limits for a single person.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0085, functionName=PROVIDER
LIMIT COUNTERS, entity=PERS, relatedKey=MEM00231}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0085, functionName=PROVIDER
LIMIT COUNTERS, entity=PERS, relatedKey=MEM00123}

Note that the retrieval of provider limit counters that don’t have a reference to an insurable entity (that is, counters that count across insurable entities) is logged without the qualifier (PERS) and insurable entity code.

View Regime Counters

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the view regime counters page and executes a search to see the regime counters for a single person.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0054, functionName=VIEW REGIME
COUNTERS, entity=PERS, relatedKey=MEM00231}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0054, functionName=VIEW REGIME
COUNTERS, entity=FMLY, relatedKey=5634563}

Adjudication Cases

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the adjudication cases page and executes a search to see the cases for a single person.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0055, functionName=ADJUDICATION
CASES, entity=PERS, relatedKey=MEM00231}

Episodes

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the episodes page and executes a search to see the episodes for a single person.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL00145, functionName=EPISODES,
entity=PERS, relatedKey=MEM00231}

Relations

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. This page may display a mix of organization and person records. Only the retrieval of the person records is monitored. Consider the scenario where a user with log in name JONES accesses the relations page and executes a search that returns three relations.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS,
entity=PERS, relatedKey=MEM00231}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS,
entity=PERS, relatedKey=MEM03213}

Persons

This page can be opened by navigating the user interface as well as through deep links used in, for example, reports based on Claims base/functional views. Consider the scenario where a user with log in name JONES accesses the persons page and executes a search that returns three persons.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS,
entity=PERS, relatedKey=MEM00231}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS,
entity=PERS, relatedKey=MEM03213}

Use Cases

Scenario 1

To give an impression of what and when something is written to the log file in the common event that a user queries a claim to apply manual benefits, consider the following scenario. Note that the log examples display the cumulative entries, to give an impression of how the log is extended with each entry.

User JONES opens the Search Claim page. He executes a search that returns 2 claims. Once the 2 search results are retrieved and displayed, the following lines are logged:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=14532}

User JONES selects one of the search results (claim 14532) and opens the Manual Pricing and Benefits page for that claim. A new entry is logged:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=14532}
2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING
AND BENEFITS, entity=CLAI, relatedKey=14532}

User JONES changes the coverages and submits the claim for further processing. Submitting the claim closes the Manual Pricing and Benefits page and opens up the View Claim page for the same claim. A new entry is logged:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=14532}
2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING
AND BENEFITS, entity=CLAI, relatedKey=14532}
2010/08/07 11:10:53 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM,
entity=CLAI, relatedKey=14532}

When the View Claim page opens, the status of the claim is still ADJUDICATION DONE. User JONES wants to make sure that the claim reaches the status FINALIZED without requiring any further intervention. To that end, user JONES refreshes the View Claim page after waiting for a couple of seconds. The refresh triggers a new entry:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=14532}
2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING
AND BENEFITS, entity=CLAI, relatedKey=14532}
2010/08/07 11:10:53 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM,
entity=CLAI, relatedKey=14532}
2010/08/07 11:11:05 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM,
entity=CLAI, relatedKey=14532}

The refreshed page shows that the claim is now FINALIZED, so user JONES closes the View Claim page.

Scenario 2

It is possible that two different users access claims. In the event that both users retrieve multiple claims with a single query, the log line entries may be interlaced. There is no guarantee that line entries that originate from the same query are always subsequent.

User JONES and user SMITH both execute a query in the Search Claim page at exactly the same time. Both queries return three claims. The log could be appended as follows:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=14432}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=15314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=17784}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=17632}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=14532}
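
Because entries from concurrent queries can be interlaced, a reviewer cannot rely on line adjacency to rebuild who retrieved what. The following is an added example, not part of Claims or of the original documentation: it parses RETRIEVAL entries in the sample layout shown in this chapter (a real appender pattern may differ), groups them by time stamp, user and function code, and counts distinct records per user. The function names and the sample log are constructed for illustration; two events by the same user on the same page within one second fall into the same group.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in this chapter's layout: two users' search results
# interlaced, two entries wrapped over two lines, one unrelated line.
SAMPLE_LOG = """\
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM,
entity=CLAI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=14432}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=15314}
2010/08/07 11:06:33 ... some unrelated application message
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=SMITH, functionCode=CL0027, functionName=SEARCH CLAIM, entity=CLAI, relatedKey=17784}
2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0029, functionName=MANUAL PRICING
AND BENEFITS, entity=CLAI, relatedKey=15314}
2010/08/07 11:10:53 ... {keyword=RETRIEVAL, user=JONES, functionCode=CL0028, functionName=VIEW CLAIM, entity=CLAI, relatedKey=15314}
"""

# Time stamp, omitted technical parts, then the {...} body; [^}]* also spans
# a line break, so entries wrapped over two lines are matched as one.
ENTRY_RE = re.compile(
    r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})[^{\n]*\{(keyword=RETRIEVAL,[^}]*)\}")
# key=value pairs; a value ends at the next ", key=" or at the end of the body.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_entries(text):
    """Return one dict per RETRIEVAL entry found in the log text."""
    entries = []
    for ts, body in ENTRY_RE.findall(text):
        fields = dict(FIELD_RE.findall(" ".join(body.split())))
        fields["timestamp"] = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S")
        entries.append(fields)
    return entries


def group_by_event(entries):
    """Rebuild each page event's result set without relying on adjacency."""
    events = defaultdict(list)
    for e in entries:
        key = (e["timestamp"], e["user"], e["functionCode"])
        # entity/relatedKey may be absent (see Provider Limit Counters note).
        events[key].append((e.get("entity"), e.get("relatedKey")))
    return dict(events)


def distinct_records_by_user(entries):
    """Count distinct records per user; page opens and refreshes repeat keys."""
    seen = defaultdict(set)
    for e in entries:
        if e.get("relatedKey") is not None:
            seen[e["user"]].add((e.get("entity"), e["relatedKey"]))
    return {user: len(keys) for user, keys in seen.items()}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for (ts, user, code), keys in sorted(group_by_event(parsed).items()):
        print(ts, user, code, keys)
    print(distinct_records_by_user(parsed))
```

In the constructed sample JONES produces four log lines but touches only two distinct claims, which is why raw line counts overstate how many records a user retrieved.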

1. Jet based User Interface uses Resource Auditing. For details on resource auditing refer to the chapter "Resource Auditing" of HTTP API Concepts in the Developer Guide.