A question was asked about the audit trail of medical records, and about medical records in general, with regard to e-discovery. Here are some links I hope will be helpful in answering your questions:
https://www.studystack.com/flashcard-1234566
https://www.millerandzois.com/document-requests-medical-malpractice.html
Here are some articles regarding audit trail information:
https://blog.montrium.com/blog/understanding-audit-trail-requirements-in-electronic-gxp-systems
See below from: http://www.macadamian.com/guide-to-healthcare-software-development/test-strategies-for-hipaa-compliancy/
Also on the above link there is a PDF downloadable file with more information available.
After sanity testing, you should also conduct a more thorough analysis of the audit trail. Depending on the format of the audit trail (for example, it could be log files, database entries, etc.) you might use comparison tools to verify that the entries produced match previously constructed benchmarks of expected entries.
Perform the following verification:
- That all expected audit trail entries exist, for every operation performed on the EPHI (electronic protected health information).
  - Make use of the Roles Matrix to ensure no operations (performed by each role) are missed when writing detailed test cases that specify exactly which entries are expected.
  - Also ensure that entries are created for actions performed on all types of devices, including mobile.
- That each audit trail entry contains the following information:
  - Date and timestamp of the action
  - The user id / name of the user performing the action
  - The access level of the user
  - The patient record id (if applicable) on which the action was performed
  - The action performed or attempted
  - The specific application component from which it was performed (e.g., billing vs. patient charting)
  - The location or system id (if applicable) from which the action occurred (e.g., the hospital or clinic’s NPI (National Provider Identifier))
- Entries conform to the software’s clarity requirements, and that the audit trail can be easily followed, if necessary for a future investigation.
- Entries cannot be removed from the audit trail.
- Audit trail can only be viewed by certain user accounts.
- All attempts to breach security are recorded in the audit trail in such a way that they stand out for easy identification.
- Audit trail is encrypted.
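One way to automate the first two checks above (expected entries exist, and each entry carries the required fields) is sketched below as an added example; it is not code from the quoted guide. It assumes a JSON-lines audit trail, and the field names, benchmark tuples and sample entries are all constructed for illustration.

```python
import json

# Fields the checklist requires in every entry; the key names are assumptions.
REQUIRED = ("timestamp", "user_id", "access_level", "action", "component", "location_id")

# Constructed benchmark of expected (role, action, component) entries, as a
# roles matrix would enumerate them for the test run.
EXPECTED = {
    ("physician", "view_record", "charting"),
    ("physician", "update_record", "charting"),
    ("billing_clerk", "view_record", "billing"),
}

# Constructed sample audit trail, one JSON object per line.
SAMPLE_LOG = """
{"timestamp": "2024-01-05T09:00:00Z", "user_id": "u1", "access_level": "physician", "patient_record_id": "p100", "action": "view_record", "component": "charting", "location_id": "site-A"}
{"timestamp": "2024-01-05T09:02:00Z", "user_id": "u2", "access_level": "billing_clerk", "patient_record_id": "p100", "action": "view_record", "component": "billing"}
{"timestamp": "2024-01-05T09:05:00Z", "user_id": "u1", "access_level": "physician", "patient_record_id": "p101", "action": "export_record", "component": "charting", "location_id": "site-A"}
"""


def parse(log_text):
    """Parse a JSON-lines audit trail, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def missing_fields(entries):
    """Return {entry index: [required fields that are absent or empty]}."""
    problems = {}
    for i, entry in enumerate(entries):
        needed = list(REQUIRED)
        # The patient record id is required only where it applies.
        if str(entry.get("action", "")).endswith("_record"):
            needed.append("patient_record_id")
        gaps = [f for f in needed if not entry.get(f)]
        if gaps:
            problems[i] = gaps
    return problems


def compare_to_benchmark(entries, expected=EXPECTED):
    """Return (expected entries never logged, logged entries not in the benchmark)."""
    seen = {tuple(str(e.get(k, "")) for k in ("access_level", "action", "component"))
            for e in entries}
    return sorted(expected - seen), sorted(seen - expected)


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(missing_fields(entries))
    print(compare_to_benchmark(entries))
```

Entries that appear in the log but not in the benchmark are reported separately, since an operation the roles matrix did not anticipate is worth reviewing as well as a missing one.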
In addition to the encryption verification performed on the database and audit trail during the sanity testing stage, also use a network analyzer tool (such as Wireshark) to ensure EPHI (electronic protected health information) is encrypted during:
- Data access between all workstations and mobile devices on which the application is installed and the database.
- Data transfers to an external location.
- The movement of data to an offline storage location.
If the application under test involves healthcare business practices like the electronic transfer of claims transactions, remittance advices, enrollment and eligibility transactions, then the test strategy should ensure that the proper EDI (electronic data interchange) X12 formats are used for these processes.
Also verify that the application provides an explanation of correct data use prior to access. Depending on the application, this could be in the form of verifying there is a help page available for each specific operation that involves EPHI (electronic protected health information), or testing of a training version of the application that allows users to see how the application works before granting access to real EPHI.