Retrieval Auditing

The objective of retrieval auditing is to monitor and store which user retrieved certain information, at which time, via the OHI Enterprise Policy Administration ADF user interface. To support this objective OHI Enterprise Policy Administration monitors the retrieval of policies and person information.

PHI / PII access in the Jet User Interface is logged via Resource Auditing.

System property ohi.logging.target determines where the system stores audit messages. Possible values:

  • log: PHI access is logged using any configured Logback Appender for which the PHI filter is applied. An example of such a Logback Appender is the RollingFileAppender.

  • database: audit messages for PHI access are persisted in the database as part of the ADF UI request and can be accessed via the generic/logphievents resource.

This chapter does not cover what happens to the policy or person after it has been accessed, i.e., who changed the policy or what was changed on the policy.

Design choices

  • OHI Enterprise Policy Administration monitors access for policies and persons only; any page that shows policy or person information is monitored.

  • Policy and person access is written to the same target, either log or database.

  • Monitoring is restricted to logging access. Actions that are performed on the accessed records are not logged using the mechanism described in this chapter.

  • Access to a policy or a person is logged when:

    • a page opens in context of a specific policy or person;

    • the page is refreshed (such as after a save or submit).

  • OHI Enterprise Policy Administration does not log the search criteria that were used to retrieve the policy or person; it logs the search results.

An ADF UI audit log entry has the following parts:

Key: Value description

  • Time stamp: When PHI data was accessed

  • keyword: All messages start with the tag "RETRIEVAL" (not shown in the generic/logphievents payload)

  • user: The login name of the user that accessed PHI data

  • function code: Code of the user interface page that was used to access PHI data

  • function name: Name of the user interface page that was used to access PHI data

  • entity: The entity type that was accessed, e.g. policy (POLI) or relation (PERS)

  • relatedKey: Policy code or person code

Monitored pages

The following user interface pages could serve as a first point of entry for policies or persons:

  • PO0023 Policies Search

  • PO0001 View and Edit Policy

  • PO0044 Persons Search

  • PO0045 View Person

  • PO0060 Policy Accounts and Transactions

  • RM0014 Relations

  • RM0012 Persons

The following sections show sample log entries. The samples assume the value for system property ohi.logging.target is log, and a Logback file appender is configured. Technical details like thread, level and class parts of the log entry are omitted and replaced by "...".

Search Policies

Whenever the user executes a search in the Policies Search page (or in the Policies Quick Search), OHI Enterprise Policy Administration logs which policies have been retrieved. Note that the Policies Search page can display multiple policies as the result of a single search, i.e., a single query can result in multiple log entries.

The following events will trigger one or more log entries in this page:

  • Executing a search

Consider the scenario where a user with login name JONES executes a search that returns four policies. The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=12314}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=14532}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=45221}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=45677}

View and Edit Policy

This page can be directly opened in the context of a specific policy through deep links provided in the Policies Search page. Consider the scenario where a user with login name JONES accesses policy 12314 through the Policies Search page that opens up the View and Edit Policy page.

The following events trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0001, functionName=VIEW AND EDIT POLICY, entity=POLI, relatedKey=12314}

Search Persons

Whenever the user executes a search in the Persons Search page (or in the Persons Quick Search), OHI Enterprise Policy Administration logs which persons have been retrieved. Note that the Persons Search page can display multiple persons as the result of a single search, i.e., a single query can result in multiple log entries.

The following events will trigger one or more log entries in this page:

  • Executing a search

Consider the scenario where a user with login name JONES executes a search that returns four persons. The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0044, functionName=SEARCH PERSONS, entity=PERS, relatedKey=MEM23403}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0044, functionName=SEARCH PERSONS, entity=PERS, relatedKey=MEM14859}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0044, functionName=SEARCH PERSONS, entity=PERS, relatedKey=MEM97432}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0044, functionName=SEARCH PERSONS, entity=PERS, relatedKey=MEM22334}

View Person

This page can be directly opened in the context of a specific person through deep links provided in the Persons Search page. Consider the scenario where a user with login name JONES accesses person MEM45043 through the Persons Search page that opens up the View Person page.

The following events trigger a log entry in this page:

  • Opening the page

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0045, functionName=VIEW PERSON, entity=PERS, relatedKey=MEM45043}

Policy Accounts and Transactions

Whenever the user executes a search in the Policy Accounts section of the Policy Accounts and Transactions page, OHI Enterprise Policy Administration logs which policies have been retrieved.

The following event will trigger one or more log entries in this page:

  • Executing a search

Consider the scenario where a user with login name JONES executes a search that returns four policy accounts. The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0060, functionName=POLICY ACCOUNTS, entity=POAO, relatedKey=AB3124}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0060, functionName=POLICY ACCOUNTS, entity=POAO, relatedKey=CD5321}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0060, functionName=POLICY ACCOUNTS, entity=POAO, relatedKey=4521XY}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0060, functionName=POLICY ACCOUNTS, entity=POAO, relatedKey=124567}

Relations

This page can be opened by navigating the user interface as well as through deep links used in, e.g., reports based on OHI Enterprise Policy Administration base/functional views. This page may display a mix of organization and person records. Only the retrieval of the person records is monitored. Consider the scenario where a user with login name JONES accesses the relations page and executes a search that returns three relations.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM00231}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM03213}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0014, functionName=RELATIONS, entity=PERS, relatedKey=MEM07895}

Persons

This page can be opened by navigating the user interface as well as through deep links used in, e.g., reports based on OHI Enterprise Policy Administration base/functional views. Consider the scenario where a user with login name JONES accesses the persons page and executes a search that returns three persons.

The following events trigger a log entry in this page:

  • Submitting a search

  • Refreshing the page

The following information is logged:

2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM00231}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM03213}
2010/03/01 15:56:02 ... {keyword=RETRIEVAL, user=JONES, functionCode=RM0012, functionName=PERSONS, entity=PERS, relatedKey=MEM07895}

Use cases

Scenario 1

To give an impression of what is written to the log file, and when, in the common event that a user queries a policy to edit it, consider the following scenario. Note that the log examples display the cumulative entries, to give an impression of how the log is extended with each entry.

User JONES opens the Search Policies page. He executes a search that returns 2 policies. Once the 2 search results are retrieved and displayed, the following lines are logged:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=14532}

User JONES selects one of the search results (policy 14532) and opens the View and Edit Policy page for that policy. A new entry is logged:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=14532}
2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0001, functionName=VIEW AND EDIT POLICY, entity=POLI, relatedKey=14532}

On the View and Edit Policy page user JONES opens the Policy Accounts and Transactions page for Policy Account AB3124. A new entry is logged:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=14532}
2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0001, functionName=VIEW AND EDIT POLICY, entity=POLI, relatedKey=14532}
2010/03/01 11:06:55 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0060, functionName=POLICY ACCOUNTS, entity=POAO, relatedKey=AB3124}

Scenario 2

It is possible that two different users access policies. In the event that both users retrieve multiple policies with a single query, the log line entries may be interlaced. There is no guarantee that line entries that originate from the same query are always consecutive.

User JONES and user SMITH both execute a query in the Search Policies page at exactly the same time. Both queries return three policies. The log could be appended as follows:

2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=12314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=14432}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=15314}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=17784}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=17632}
2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=14532}
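
The following Python sketch is an added example, not part of the product or its documentation. It parses entries laid out like the samples in this chapter and groups them by time stamp, user and function code instead of by line adjacency, because entries from concurrent queries may be interlaced. The sample lines, including those for user SMITH, are constructed, and the text between the time stamp and the opening brace is assumed to follow the samples.

```python
import re
from collections import defaultdict

# Layout assumed from the samples on this page; the text between the time
# stamp and "{" (thread, level, class) depends on the Logback pattern.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s.*?\{(.*)\}\s*$")
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")   # values may contain spaces
REQUIRED = {"user", "functionCode", "entity", "relatedKey"}

def parse_entry(line):
    """Return one RETRIEVAL entry as a dict, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    if fields.get("keyword") != "RETRIEVAL" or not REQUIRED <= fields.keys():
        return None
    fields["timestamp"] = m.group(1)
    return fields

def group_retrievals(lines):
    """Group records by (timestamp, user, functionCode), not by adjacency.
    Two searches by one user within the same second fall into one group."""
    groups = defaultdict(list)
    for e in filter(None, map(parse_entry, lines)):
        key = (e["timestamp"], e["user"], e["functionCode"])
        groups[key].append((e["entity"], e["relatedKey"]))
    return dict(groups)

def who_accessed(lines, entity, related_key):
    """List (timestamp, user, functionCode) for each retrieval of one record."""
    return [(e["timestamp"], e["user"], e["functionCode"])
            for e in filter(None, map(parse_entry, lines))
            if (e["entity"], e["relatedKey"]) == (entity, related_key)]

# Constructed sample: JONES and SMITH search in the same second (interlaced).
_P = "2010/08/07 11:06:33 ... {keyword=RETRIEVAL, user=%s, functionCode=PO0023, functionName=SEARCH POLICIES, entity=POLI, relatedKey=%s}"
SAMPLE = [
    _P % ("JONES", "12314"),
    _P % ("SMITH", "17784"),
    _P % ("JONES", "14532"),
    _P % ("SMITH", "12314"),
    "2010/08/07 11:06:34 ... unrelated application message",
    "2010/08/07 11:06:45 ... {keyword=RETRIEVAL, user=JONES, functionCode=PO0001, functionName=VIEW AND EDIT POLICY, entity=POLI, relatedKey=14532}",
]

if __name__ == "__main__":
    for key, records in group_retrievals(SAMPLE).items():
        print(key, records)
    print(who_accessed(SAMPLE, "POLI", "12314"))
```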