ASTM E2147-18 PDF

Name in English:
St ASTM E2147-18

Name in Russian:
Ст ASTM E2147-18

Description in English:

Original standard ASTM E2147-18 in PDF, full version. Additional information and a preview are available on request.

Description in Russian:

Original standard ASTM E2147-18 in PDF, full version. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
200 business days

SKU:
stastm12883

Choose Document Language:
€15

Full title and description

ASTM E2147-18 — Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems. This specification defines minimum technical and procedural requirements for designing, implementing, and maintaining audit logs and disclosure logs that document access to and disclosure of patient-identifiable health information in electronic and manual systems.

Abstract

This specification describes security requirements for the development and implementation of audit and disclosure logs used in health information systems. It specifies how to design access audit logs to record all access to patient-identifiable information, the data elements to be recorded (for example, user identity, location, date/time, and actions), principles for disclosure logs, and guidance for retention and management of audit data to provide a permanent, self‑authenticating record for oversight, legal, and privacy purposes.

General information

  • Status: Active.
  • Publication date: May 1, 2018 (designation E2147‑18).
  • Publisher: ASTM International.
  • ICS / categories: 35.240.80 (IT applications in health care technology).
  • Edition / version: E2147‑18 (2018).
  • Number of pages: 7.

Scope

Applies to the development and implementation of secure audit data and disclosure logs for electronically stored health information and to principles for implementing equivalent logging in manual (paper) environments where applicable. The specification covers logging of actions that create, change, delete, or view patient records; required metadata (user identity, location, date/time); requirements for immutable, computer‑generated, time‑stamped logs; and retention guidance (audit data should be retained at least as long as the corresponding medical record — generally not less than ten years or two years after a minor reaches majority unless longer periods are required by law).

Key topics and requirements

  • Definition and function of system access audit logs and disclosure logs.
  • Required audit data elements: user identification, location, date/time stamps, action type (create/read/update/delete), and affected patient/data elements.
  • Principles for immutable, self‑authenticating logs (automatic, secure, time‑stamped generation).
  • Procedural guidance for policies, procedures, and access to audit/disclosure logs.
  • Retention and archival requirements tied to medical‑record retention and legal holds.
  • Applicability to both electronic and manual (paper) record environments and to disclosures to external parties.

Typical use and users

Used by EHR and health IT vendors (to design logging features), healthcare providers and organizations (to implement audit and disclosure logging for compliance and oversight), compliance and privacy officers, health information exchanges and data intermediaries, auditors, legal counsel and litigation teams, and researchers/IT security teams assessing access to patient data.

Related standards

Referenced and used alongside national regulatory requirements (for example, the U.S. HHS rule at 45 CFR 170.210 references ASTM E2147‑18, incorporated by reference (IBR), for audit logs), health IT interoperability standards and privacy/security frameworks (HL7 profiles, 21 CFR Part 11 where applicable), and organizational information security standards (for example, ISO/IEC and NIST guidance).

Keywords

audit log, disclosure log, electronic health record, EHR, health information systems, access logging, retention, immutability, patient privacy, security, audit trail.

FAQ

Q: What is this standard?

A: ASTM E2147‑18 is a specification that sets out technical and procedural requirements for audit and disclosure logs used to track access to and disclosure of patient‑identifiable health information in health information systems.

Q: What does it cover?

A: It covers the nature and purpose of audit logs and disclosure logs, required data elements to record (who, where, when, what action), principles for secure and immutable logging, policy and procedural guidance, and retention/archival expectations tied to medical records.

Q: Who typically uses it?

A: EHR/health IT vendors, healthcare organizations, privacy and compliance officers, auditors, legal teams, and any organization responsible for maintaining or disclosing patient‑identifiable health data.

Q: Is it current or superseded?

A: As published in 2018 (designation E2147‑18), the standard is listed as active; it supersedes earlier versions and serves as the current ASTM specification for audit and disclosure logs unless subsequently revised or withdrawn by ASTM.

Q: Is it part of a series?

A: It was developed by ASTM Committee E31 (subcommittee E31.25 on Healthcare Data Management, Security, Confidentiality, and Privacy) and is related to other ASTM health informatics work but is a standalone specification focused on audit and disclosure logging.

Q: What are the key keywords?

A: audit log; disclosure log; audit trail; electronic health record; health information systems; access logging; retention; immutability; patient privacy; security.