Access to DoD Sensitive Data

All JLV users will be audited each time a sensitive DoD record is accessed in the Outpatient Encounters, Documents, Lab Panel Results, Lab Results, or Progress Notes widget, regardless of how many times the user has previously viewed it. This includes viewing multiple times in the same user session—when a user accesses and closes the sensitive record and then opens the same record or views the record a second time, the user will be asked to agree to be audited again. JLV will notify users before they are audited. This message is triggered when the user clicks the masked record (i.e., ** Sensitive **). After the user selects his/her purpose to view the record and agrees to be audited, sensitive data will appear in the Details view of the JLV widget. The record will be masked in all widget views before and after viewing the sensitive record; the data will only appear unmasked in the Details view.

 

For each attempt to access sensitive data (successful or unsuccessful), JLV will record the user’s organization, user name, user SSN/EDIPI (for DoD users), user PIV (for VA users), user location, patient (including identifiers: Patient Last, First Name, MI; SSN/EDIPI (DoD only), MVI (VA only); DOB), data accessed (e.g., unique note identifier), date/time, and reason for access (e.g., Emergent Care, Clinical Care, and Authorized Administrative Use). Audit information will be sent to and stored in the JLV Database.

 

The following figure highlights masked data in the Lab Results widget. Clicking on this record will open the DoD Sensitive Record window which begins with the text, This record is marked sensitive and should only be viewed if necessary, as per the HIPAA principle of minimum use. In this window, you must first select an authorized purpose for accessing the record before clicking Agree to be Audited & Access this Sensitive Record. If you do not wish to be audited, click Cancel to return to the widget display.

 

LabResultsMinimizedSensitiveWarning.PNG

 

Related topics: