Audit trail of the late Samuel Jacob Fisher's Electronic Health Record

Lyn Copland made this Official Information request to Capital and Coast District Health Board

Response to this request is long overdue. By law Capital and Coast District Health Board should have responded by now (details and exceptions). You can complain to the Ombudsman.

From: Lyn Copland

Dear Capital and Coast District Health Board,

I write to you as the administrator of my sons estate, the late Samuel Jacob Fischer who was a patient at Te Whare o Matairangi psychiatric inpatient facility between January 31st 2015 to the time of his discharge to the Wellington Hosptial's Intensive Care Unit where he died on the 20th April 2015.

I request pursuant to any legislation including but not withstanding the Official Information Act 1982, and/or the Health Act 1956, and/or the Health Information Privacy Code:

1) The audit trail of all attempted login and successful login activity to my son Samuel's Electronic Health Record (EHR) between 1800hrs Friday 17th April 2015 up until the time in which this information is provided.

This is including but notwithstanding any information on the CCDHB 'Concerto' IT system and shared care 3DHB system referred to by staff as the 'E-Tree'.

2) Include in the release of point 1 above, the record of:
a) all persons who accessed the EHR
b) details and confirmation of the privileges of persons identified in point 2a) above
c) their user identifier
d) the date and time of access
e) the location of access and electronic device from which it was accessed from
f) the duration of all activity including view-only activity

This information will be easily available and on hand as the HISO 10029:2015 Health Information Security Framework standard for the New Zealand health and disability sector requires the designated EHR System administrator to

i) keep an audit trail of all login attempts to any EHR system including successful login activity. The log will include at least user identifier, date, time, location, and duration of all user activity within an application (including view-only activity).

ii) to maintain and monitor a secure physical log book or electronic audit trail of all access.

I understand that District Health Boards are legally obliged to provide this information within the legislated time frame.

Yours sincerely
Mrs Lyn Copland

Link to this

Things to do with this request

Anyone:
Capital and Coast District Health Board only: