Date of Last Review 5/2/08
SME: Director of Management Information Systems

Audit Controls

Purpose
 
This policy will define how data will be audited in information systems that contain or use electronic health information. If discrepancies are suspected contact MIS or UT Security at 713-741-4999.
 
 
The information database system authenticates the entering of all data, as well as any and all modifications made to that data. This is done in Sunrise and Invision.
Invision tracks which users have authenticated into the system and any authentication failures.
Sunrise does not have the capability to track which users have authenticated into the system and any authentication failures. This is being investigated to provide accurate accountability.
Sunrise has the capability to track what information was seen by the user.
On a quarterly basis departments send departmental lists of users and the systems they should have access to. The rights/access is reviewed by system administrators.
Invision login reports are viewed online on a weekly basis by system administrator.
Siemens and Zavata are responsible for monitoring their staff’s access and individual data to Invision.
Sunrise does not have login reports to be viewed.
Available audit logs are retained in Sunrise indefinitely. Invision logs hold 2000 transactions at any given time and can be printed out on a need basis.
Passwords are changed every 90 days.
Sunrise has no capability to lock out users after three failed attempts.
Invision disables user account after three password errors.
If the password is not changed when prompted, the user is locked out and will have to be re-set by a system administrator.
Only on certain processes, orders, documents, and tasks require a second signature in Sunrise.
Each year there is an audit conducted by UT.
Violations are detected using the Information Technology Security Procedure

 

Related standards

Texas Administrative Code Chapter 202

The Joint Commission : Management of Information

 

 

If you have questions regarding the content of this site please contact the Policy and Procedure Committee. If you experience any technical problems please contact the MIS Department.