Use Cases Administration/ Security Log Report

Glossary

1

EMR

Electronic Medical Record

2

MRP

Most Responsible Physician

3

OMD

Ontario Medical Documentation

1. Administration/ Security Log Report

1.1 Summary

1.1.1 Business Need

Defined users:

  1. Super User/Administrator with full rights:

  • Add/Edit/Delete

  • Reactivate account

  • Access to admin part of the OSCAR

Main purpose of Administration/ Security Log Report is:

  1. To complete audit trail of medical records

  2. To make sure that data cannot be altered, removed or deleted

  3. To log all activities (medical and non-medical)

  4. To print Security Log Report

  5. To set default drugref warning level for clinic

1.1.2. Description

Administrator is able to track who has been logging into the Admin screen or regular Log In screen using Security Log Report function and log all activities that have been performed. Administration/ Security Log Report use cases are designed to complete Audit Trail of medical records for a provider/ all providers based on the date range (start/ end). All activities must be logged (ie Log In, update, edit) including date and time, content, keywords, IP address, provider name, etc. and medical records information must be retained. Security Log Report data must not be altered, removed or deleted. User should be able to print Security Log Report and Audit Trail must make sense without having the computer in front of you (all data should be printed and user does not need to verify it again).

Audit trail report must log all add/change/delete operations on non-medical record data (non-medical data includes provider stuff such as add providers, change passwords, role creation/changes, etc.)

User with Admin privileges should have ability to set default drugref warning level for the clinic.

1.1.3. Pre-action requirements/state:

OSCAR McMaster Test Version 12.1, system, and DB are up, configured and working as expected.

1.1.4. Post-action state:

  1. OSCAR McMaster Test Version 12.1 is running and behaving as expected.

  2. OSCAR McMaster Test Version 12.1 has all functionality prior to the change (outside of removing functionality intentionally)

1.2 Flow of Events

This section describes the main flow of the Use Case and system responses.

Generate Security Log report

Num.

Step

Description

System Response

User

1

Connect to the OSCAR main page

Launch URL: http://192.168.1.202:8080/Oscar12_1/index.jsp

OSCAR main page with the login is opened

Super User

2

Log In

Enter user's valid credentials (User Name / Password/2nd Level Pass code if applicable)

By entering right credentials user is getting system verification acceptance

Super User

3

Access Security Log Report

Select Administration Tab → System Reports → Security Log Reports

Security Log Reports page appears in a new window

Super User

4

Generate audit trail of medical records

Complete audit trail of medical records

Audit trail of medical records is generated

Super User

1.2.1 Alternate Flows of Events

This section describes the alternative flow of events based on variations in the main Use Case scenario that still result in a Successful End Condition at completion of the Use Case.

Alternate Flow 1

All activities cannot be altered, removed or deleted

Num.

Step

Description

System Response

User

1

Connect to the OSCAR main page

Launch URL: http://192.168.1.202:8080/Oscar12_1/index.jsp

OSCAR main page with the login is opened

Super User

2

Log In

Enter user's valid credentials (User Name / Password/2nd Level Pass code if applicable)

By entering right credentials user is getting system verification acceptance

Super User

3

Access Security Log Report

Select Administration Tab → System Reports → Security Log Reports

Security Log Reports page appears in a new window

Super User

4

Generate audit trail of medical records

Complete audit trail of medical records

Audit trail of medical records is generated

Super User

5

Log all activities

Verify that all activities are logged (not just add/delete/modify but also including simply who accessed the data and when)

All activities are logged

Super User

6

Data cannot be updated or deleted

Verify that user is not able to alter, remove, or delete Data

User is not able to alter, remove, or delete Data

Super User

Alternate Flow 2

Medical records info must be retained

Num.

Step

Description

System Response

User

 

Pre-condition

Medical records are available to view

 

 

1

Connect to the OSCAR main page

Launch URL: http://192.168.1.202:8080/Oscar12_1/index.jsp

OSCAR main page with the login is opened

Super User

2

Log In

Enter user's valid credentials (User Name / Password/2nd Level Pass code if applicable)

By entering right credentials user is getting system verification acceptance

Super User

3

 

Access Security Log Report

Select Administration Tab → System Reports → Security Log Reports

Security Log Reports page appears in a new window

Super User

4

Generate audit trail of medical records

Complete audit trail of medical records

Audit trail of medical records is generated

Super User

5

Verify Medical records information history

Verify that Medical records info are retained

Medical records info are retained

Super User

Alternate Flow 3

Security Log Report is printable

Num.

Step

Description

System Response

User

1

Connect to the OSCAR main page

Launch URL: http://192.168.1.202:8080/Oscar12_1/index.jsp

OSCAR main page with the login is opened

Super User

2

Log In

Enter user's valid credentials (User Name / Password/2nd Level Pass code if applicable)

By entering right credentials user is getting system verification acceptance

Super User

3

Access Security Log Report

Select Administration Tab → System Reports → Security Log Reports

Security Log Reports page appears in a new window

Super User

4

Generate audit trail of medical records

Complete audit trail of medical records

Audit trail of medical records is generated

Super User

5

Print Security Log Report 

Verify that Security Log Report is printable

Security Log Report is printed

Super User

6

Printed audit trail contains user readable records

Verify that printed audit trail must make sense without having the computer in front of you

 (all data should be printed and user does not need to verify it again)

Printed audit trail must make sense without having the computer in front of you

Super User

Alternate Flow 4

Non-medical data includes provider's actitvities

Num.

Step

Description

System Response

User

 

Pre-condition

Non-medical records are available to view (add, change passwords, role creation/changes, etc)

 

 

1

Connect to the OSCAR main page

Launch URL: http://192.168.1.202:8080/Oscar12_1/index.jsp

OSCAR main page with the login is opened

Super User

2

Log In

Enter user's valid credentials (User Name / Password/2nd Level Pass code if applicable)

By entering right credentials user is getting system verification acceptance

Super User

3

Access Security Log Report

Select Administration Tab → System Reports → Security Log Reports

Security Log Reports page appears in a new window

Super User

4

Generate audit trail of non-medical records

Complete audit trail of non-medical records

Audit trail of non-medical records are generated

Super User

5

Verify non-medical records information

Verify that non-medical data includes provider activities and non-medical records info is available to view

Non-medical data includes provider activities and non-medical records info is available to view

Super User

Alternate Flow 5

Set default drugref Warning Level for clinic

Num.

Step

Description

System Response

User

1

Connect to the OSCAR main page

Launch URL: http://192.168.1.202:8080/Oscar12_1/index.jsp

OSCAR main page with the login is opened

Super User

2

Log In

Enter user's valid credentials (User Name / Password/2nd Level Pass code if applicable)

By entering right credentials user is getting system verification acceptance

Super User

3

Access Facilities page

Select Administration Tab → System Management → Manage facilities

Facilities page appears in a new window

Super User

4

Set up Drugref warning Level for Clinic

Verify that default drugref Warning Level for clinic can be set

Default Interaction Warning Level for clinic is set

 

Super User

1.2.2 Exception Flows of Events (Negative)

N/A