Resource Auditing

This feature monitors user access and user updates to protected health information (PHI) and personally identifiable information (PII) through the HTTP application programming interface (API). All HTTP resources that link a person to PHI and all resources that contain PII are monitored. Whenever a user or a client application retrieves one of these resources or issues an operation on one of these resources, the application creates an entry in a dedicated log.

System property ohi.logging.target determines where the system stores audit messages. Possible values:

  • log: PHI access is logged using any configured Logback Appender for which the PHI filter is applied. An example of such a Logback Appender is the RollingFileAppender.

  • database: audit messages for PHI access are persisted in the database as part of the HTTP API request and can be accessed via the generic/logphievents resource.

Design choices

  • This feature is limited to logging the HTTP API operations on monitored resources. It does not trigger events.

  • The set of monitored resources is limited to:

    • The person (including insurable entity and insurable person) resource and its detail resources

    • Any resource representing operational information, linked to an insurable entity or a family

An audit log entry has the following parts:

  • Time stamp: When was PHI data accessed

  • keyword: All messages start with the tag "ACCESS" (not shown in the generic/logphievents payload)

  • user: The login name of the user (specified as 'system' for internal system user)

  • resource: The name of the resource that was accessed

  • id: The technical ID of the resource that was accessed

  • relatedKey: The code of the relation, family or insurable object that is in context (if applicable)

  • relatedId: The technical ID of the relation or insurable entity resource that is in context (if applicable)

  • method: The operation (GET, PUT, POST, PATCH or DELETE) issued on the resource
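For reviewing these entries when ohi.logging.target is log, the Python code below parses each line into the parts listed above and reports, per user, how many distinct relatedKey values were touched and how many modifying operations were issued. It is an added example, not part of the product or its documentation. The line layout is taken from the sample entries on this page; the function names, the threshold and the sample lines (including the thread/level/class section) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout assumed from the page's samples: "<time stamp>; <details> ; {key=value, ...}".
# The <details> part depends on the Logback pattern in use, so it is skipped.
LINE_RE = re.compile(r"^(?P<ts>[^;]+);.*?;\s*\{(?P<body>[^{}]*)\}\s*$")
WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}

def parse_entry(line):
    """Return the entry's parts as a dict, or None if the line is not an ACCESS entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Accept "k=v" pairs with or without a space after the comma; keep unknown keys.
    pairs = (p.split("=", 1) for p in m.group("body").split(",") if "=" in p)
    entry = {k.strip(): v.strip() for k, v in pairs}
    if entry.get("keyword") != "ACCESS":
        return None
    entry["time"] = datetime.strptime(m.group("ts").strip(), "%Y/%m/%d %H:%M:%S")
    return entry

def summarize(lines):
    """Map user -> (number of distinct relatedKey values, number of modifying calls)."""
    stats = defaultdict(lambda: [set(), 0])
    for e in filter(None, map(parse_entry, lines)):
        s = stats[e.get("user", "")]
        # relatedKey and relatedId are only present "if applicable".
        if "relatedKey" in e:
            s[0].add(e["relatedKey"])
        if e.get("method") in WRITE_METHODS:
            s[1] += 1
    return {u: (len(keys), writes) for u, (keys, writes) in stats.items()}

def broad_access(lines, max_keys):
    """Users whose requests touched more than max_keys distinct relatedKey values."""
    return sorted(u for u, (n, _) in summarize(lines).items() if n > max_keys)

# Constructed sample lines: users, ids and the middle section are made up.
SAMPLE = [
    "2017/03/01 15:56:02; [t1] INFO audit ; {keyword=ACCESS, user=JONES, resource=persons, id=456719800, relatedKey=MEM12345, method=GET}",
    "2017/03/01 15:56:05; [t1] INFO audit ; {keyword=ACCESS, user=JONES, resource=addresses, id=656266336, relatedKey=MEM12345, relatedId=456719800, method=POST}",
    "2017/03/01 15:57:10; [t2] INFO audit ; {keyword=ACCESS, user=SMITH, resource=claims, id=256266331, relatedKey=MEM00001, relatedId=100000001, method=GET}",
    "2017/03/01 15:57:11; [t2] INFO audit ; {keyword=ACCESS, user=SMITH, resource=claims, id=256266332, relatedKey=MEM00002, relatedId=100000002, method=GET}",
    "2017/03/01 15:57:12; [t2] INFO audit ;{keyword=ACCESS, user=SMITH, resource=ctrclaimlines, id=256266334, relatedKey=MEM00003, method=GET}",
    "2017/03/01 15:57:13; [t2] INFO app ; request finished",
]

if __name__ == "__main__":
    print(summarize(SAMPLE), broad_access(SAMPLE, 2))
```

The payload has no quoting, so a value that itself contains a comma cannot be split reliably; the parser drops the fragment rather than guessing.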

Monitored Resources

The following resources are monitored in OHI Claims Adjudication:

  • persons

    • addresses

    • assignedproviders

    • bankaccountnumbers

    • eligibilitychecks

    • maritalstatuses

    • persontitles

    • relationidentifiers

    • personcoveredservices

  • insurableentities

    • insurablepersons

  • claims

    • claimlines

  • ctrclaims

    • ctrclaimlines

  • authorizations

  • limitcounters

    • limitconsumptions

  • providerlimitcounters

  • regimecounters

    • regimeconsumptions

  • adjudicationcases

  • episodes

  • policyproducts

  • policyfamilies

The following resources are monitored in OHI Capitation:

  • persons

    • addresses

    • assignedproviders

    • bankaccountnumbers

    • contractalignments

    • persontitles

    • relationidentifiers

  • contractevents

  • contractmutations

  • attributions

  • calculationresults

The following resources are monitored in OHI Enterprise Policy Administration:

  • persons

    • addresses

    • assignedproviders

    • bankaccountnumbers

    • maritalstatuses

    • persontitles

    • relationidentifiers

    • personcoveredservices

  • insurableentities

    • insurablepersons

  • policies

    • policyholders

    • policy enrollments

    • policy bill receivers

  • policy accounts

    • policy account transactions

  • calculationresults

Examples

The following sections show sample log entries. The samples assume the value for system property ohi.logging.target is log, and a Logback file appender is configured. Technical details like thread, level and class parts of the log entry are omitted and replaced by "…​".

Common Examples

Persons

persons

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=persons, id=456719800, relatedKey=MEM12345,identifierstype=12348690, method=GET}

Part (5.6) is not logged for persons, because it is identical to part (5.4).

addresses

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=addresses, id=656266336, relatedKey=MEM12345, relatedId=456719800, method=POST}

bankaccountnumbers

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=bankaccountnumbers, id=756266336, relatedKey=MEM12345, relatedId=456719800, method=DELETE}

persontitles

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=persontitles, id=356266336, relatedKey=MEM12345, relatedId=456719800, method=PATCH}

OHI Claims Adjudication Examples

Persons

maritalstatuses

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=maritalstatuses, id=456719800, relatedKey=MEM12345, relatedId=456719800, method=GET}

eligibilitychecks

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=eligibilitychecks, id=856266336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=eligibilitychecks, id=856266335, method=GET}

Insurable Entities

insurableentities

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=insurableentities, id=256266330, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=insurableentities, id=276266330, relatedKey=CAR12345, method=GET}

Part (5.6) is not logged for insurable entities that are objects, because it is identical to part (5.4).

insurablepersons

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=insurablepersons, id=2562663330, relatedKey=MEM12345, relatedId=456719800, method=GET}

Claims

claims

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=claims, id=256266331, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=claims, id=245239330, method=PUT}

claimlines

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=claimlines, id=256266332, relatedKey=MEM12345, relatedId=456719800, method=POST}

Note that if a claim line does not have a reference to an insurable entity, that information is picked up from the claim level.

ctrclaims

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=ctrclaims, id=256266331, relatedKey=MEM12345, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=ctrclaims, id=256266333, method=GET}

Part (5.6) is not logged for ctr claims, because ctr claims do not have references to insurable entities; the code of the serviced (insurable) entity is stored as an attribute on the ctr claim.

ctrclaimlines

2017/03/01 15:56:02; …​ ;{keyword=ACCESS, user=JONES, resource=ctrclaimlines, id=256266334, relatedKey=MEM12345, method=GET}

Note that if a ctr claim line does not have a specified serviced entity code, that information is picked up from the ctr claim level. Part (5.6) is not logged for ctr claim lines (same as for ctr claims).

Authorizations

authorizations

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=authorizations, id=256266335, relatedKey=MEM12345, relatedId=456719800, method=GET}

Counters

limitcounters

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=limitcounters, id=256266336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=limitcounters, id=245239337, relatedKey=FAM12345, method=GET}

limitconsumptions

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=limitconsumptions, id=256266338, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=limitconsumptions, id=256266339, method=GET}

providerlimitcounters

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=providerlimitcounters, id=256266346, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=providerlimitcounters, id=256266356, method=GET}

regimecounters

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=regimecounters, id=256266366, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/02 13:22:12; …​ ; {keyword=ACCESS, user=JONES, resource=regimecounters, id=256266376, relatedKey=FAM12345, method=GET}

regimeconsumptions

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=regimeconsumptions, id=256266386, relatedKey=MEM12345, relatedId=456719800, method=GET}

Adjudication Cases

adjudicationcases

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=adjudicationcases, id=256266396, relatedKey=MEM12345, relatedId=456719800, method=GET}

Episodes

episodes

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=episodes, id=256266436, relatedKey=MEM12345, relatedId=456719800, method=GET}

Policy Products and Families

policyproducts

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policyproducts, id=256266536, relatedKey=MEM12345, relatedId=456719800, method=GET}

policyfamilies

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policyfamilies, id=256266636, relatedKey=MEM12345, relatedId=456719800, method=GET}

In part (5.5) the code of the relation or insurable object is logged instead of the code of the family.

OHI Capitation Examples

Persons

assignedproviders

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=assignedproviders, id=956266336, relatedKey=MEM12345, relatedId=456719800, method=GET}

contractalignments

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=contractalignments, id=458889800, relatedKey=MEM12345, relatedId=456719800, method=GET}

Change Events

contractevents

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=contractevents, id=956392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 17:58:34; …​ ; {keyword=ACCESS, user=JONES, resource=contractevents, id=956392337, method=GET}

contractmutations

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=contractmutations, id=946392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

2017/03/01 17:58:34; …​ ; {keyword=ACCESS, user=JONES, resource=contractmutations, id=946392337, method=GET}

Calculations

attributions

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=attributions, id=888392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

calculationresults

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=calculationresults, id=317392336, relatedKey=MEM12345, relatedId=456719800, method=GET}

OHI Enterprise Policy Administration Examples

Persons

maritalstatuses

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=maritalstatuses, id=456719800, relatedKey=MEM12345, relatedId=456719800, method=GET}

Policies

policies

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=policies, id=4567637291, relatedKey=MEM12345, relatedId=4567637291, method=GET}

Calculations

calculationresults

2017/03/01 15:56:02; …​ ; {keyword=ACCESS, user=JONES, resource=calculationresults, id=317392336, relatedKey=MEM12345, relatedId=456719800, method=GET}