Auditing Patient Records

For HIPAA audit purposes, Kadlec Regional Medical Center tracks and keeps in a database every time someone looks at a patient record. They use Boston WorkStation to do daily extracts of audit data. BWS FTPs the extracts to a “FairWarning Server”. The result may be analyzed to ensure patient record security.

The script has two variations. One is a daily unattended run at a specified time, to create individual export files with a log file that is emailed to indicate the activity performed.

The other is for historical purposes. Two copies of the script are created for historical exports. One script runs the report off the Archived copy of the database, and the other runs off the production database. Both databases are provided with a starting date and ending date, and run one select and export for each date. A log file is maintained similar to the one created for the daily log.