At present, the American Recovery and Reinvestment Act (ARRA) requires health care systems to be able to audit access to protected health information (PHI) of patients. PHI includes any information about the health status, provision of health care, or payment for health care that can be linked to a specific individual. As such, access to protected health information of a patient such as, for example, the patient's name, birthdate, social security number, address, etc. is generally required to be audited or detected per the ARRA.
Current health care applications may include functionality for auditing access to protected health information by that particular health care application. However, the functionality is often closely tied to the application and, therefore, limited to actions taken within or using the corresponding application alone. In this regard, some items of protected health information may not be adequately audited in existing health care systems operating multiple health care applications having varied auditing capabilities.
Additionally, since existing approaches often only audit accessing of protected health information by a particular health care application in which the auditing functionality is embedded, the existing approaches may be unable to detect an instance in which a third party hacks into the health care system and accesses protected health information outside of one of these health care applications. As such, the existing solutions may be unaware that the third party accessed the protected health information.
In view of the foregoing drawbacks, it may be beneficial to provide a more efficient and reliable manner in which to audit access to protected health information.