healthcare-audit-logger

Healthcare Audit Logger

Comprehensive HIPAA audit logging and event tracking skill for AI agents. Generates immutable audit trails for healthcare systems, tracks PHI access, monitors authentication events, and ensures compliance with 45 CFR §164.312(b) audit control requirements.

Capabilities

  1. Audit Log Generation - Create HIPAA-compliant audit logs with immutable records
  2. Event Classification - Categorize healthcare events (access, modification, deletion, export)
  3. PHI Access Tracking - Log all access to Protected Health Information
  4. Authentication Logging - Record login, logout, and privilege escalation events
  5. Modification Auditing - Track who changed what, when, and why for PHI records
  6. User Activity Monitoring - Follow user workflows and data interactions
  7. Timestamp Management - Synchronized UTC timestamps with tamper detection
  8. Retention Policies - Manage audit log retention per HIPAA requirements (6+ years)
  9. Log Export - Generate compliance reports and audit summaries
  10. Integrity Verification - Validate audit log authenticity and non-repudiation

Usage

/healthcare-audit-logger [command] [options]

Commands

  • init <config-file>
    - Initialize audit logging for a healthcare system
  • log <event-type> <details>
    - Log a healthcare event
  • log-access <user> <resource> <action>
    - Log PHI access
  • log-auth <user> <event> <result>
    - Log authentication event
  • log-modification <user> <resource> <change>
    - Log data modification
  • policy <retention-years>
    - Set audit log retention policy
  • report [date-range]
    - Generate audit report
  • verify <log-file>
    - Verify audit log integrity
  • export <format> <output>
    - Export audit logs (JSON, CSV, XML)

Options

  • --user <id>
    - User identifier
  • --resource <path>
    - Resource being accessed (patient ID, record ID)
  • --action <type>
    - Action type (read, write, delete, export)
  • --reason <text>
    - Clinical reason for access
  • --outcome <status>
    - Success or failure status
  • --timestamp <iso8601>
    - Event timestamp (default: now)
  • --retention <years>
    - Log retention period (default: 6 years per HIPAA)

Workflow

Follow this workflow when invoked:

Step 1: Configure Audit System

Ask user to specify:
  • Healthcare system type (EHR, medical records, data warehouse)
  • Sensitive resources (patient records, medical images, test results)
  • User roles and access levels
  • Audit log storage location and format

Step 2: Design Audit Schema

Create logging schema including:
  • Event types to track
  • User role classifications
  • Resource categories
  • Access justification requirements
  • Timestamp precision (milliseconds for audit accuracy)
  • Log entry format (structured JSON recommended)

Step 3: Implement Audit Logging

Instrument key points:
  • Authentication/authorization gates
  • PHI access checkpoints
  • Data modification operations
  • Export/external sharing events
  • System configuration changes
  • Access permission changes

Step 4: Validate Compliance

Ensure audit logs capture:
  • User ID - Who accessed the information (45 CFR §164.312(b)(2)(i))
  • Workstation ID - Which computer was used
  • Date & Time - When access occurred (UTC with timezone)
  • Action Performed - Read, write, delete, export, etc.
  • Resource Accessed - Patient ID, record type, data elements
  • Outcome - Success or failure of operation
  • Reason/Justification - Clinical or operational purpose
  • Result - Changes made or information retrieved

HIPAA Compliance Mapping

| Control | Requirement | Implementation |
|---|---|---|
| §164.312(b) | Audit Controls | Implement comprehensive logging |
| §164.312(b)(2)(i) | User Identification | Log all user access with unique IDs |
| §164.312(b)(2)(ii) | Emergency Access Log | Separate tracking for emergency access |
| §164.308(a)(3)(ii)(B) | Workforce Security | Track privilege changes and role assignments |
| §164.308(a)(5)(ii)(C) | Log-in Monitoring | Log authentication attempts and outcomes |
| §164.312(a)(2)(i) | Access Controls | Audit access permissions and changes |
| §164.312(c)(2) | Encryption | Log encryption key operations |
| §164.314(a)(2)(i) | Partner Agreements | Log external system access |

Example Audit Log Entry

```json
{
  "event_id": "evt_20250207143556_abc123",
  "timestamp": "2025-02-07T14:35:56.123Z",
  "user_id": "dr_jane_smith",
  "user_role": "physician",
  "workstation_id": "ws_04_floor2",
  "action": "read",
  "resource_type": "patient_record",
  "resource_id": "pat_98765",
  "data_accessed": ["demographics", "lab_results", "vitals"],
  "clinical_reason": "Patient follow-up appointment",
  "access_result": "success",
  "duration_ms": 45,
  "ip_address": "10.24.5.12",
  "hipaa_rule": "§164.312(b)(2)(i)"
}
```

In production, resource_id is encrypted and ip_address is masked in logs.
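The page promises immutable records and a verify command but does not say how integrity is checked. The following is an added example, not the skill's own code: one common approach is an HMAC hash chain over entries shaped like the one above, with a Step 4 field check on append. The function names, the genesis value, the key handling and the externally stored last MAC are all assumptions.

```python
import hashlib, hmac, json

# Fields taken from the page's Step 4 checklist and example entry.
REQUIRED = ("user_id", "workstation_id", "timestamp", "action",
            "resource_id", "access_result", "clinical_reason")
GENESIS = "0" * 64  # assumed anchor value for the first entry


def _mac(key: bytes, prev_mac: str, entry: dict) -> str:
    """HMAC-SHA256 over the previous MAC plus the canonical JSON of the entry."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hmac.new(key, (prev_mac + body).encode("utf-8"), hashlib.sha256).hexdigest()


def append_entry(log: list, key: bytes, entry: dict) -> dict:
    """Reject incomplete entries, then chain the new record to the last one."""
    missing = [f for f in REQUIRED if not entry.get(f)]
    if missing:
        raise ValueError(f"missing audit fields: {missing}")
    prev = log[-1]["mac"] if log else GENESIS
    record = {"entry": dict(entry), "prev_mac": prev, "mac": _mac(key, prev, entry)}
    log.append(record)
    return record


def verify_log(log: list, key: bytes, expected_last_mac: str = None) -> list:
    """Return (index, problem) pairs; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, rec in enumerate(log):
        if rec["prev_mac"] != prev:
            problems.append((i, "broken link"))  # entry removed, inserted or reordered
        if not hmac.compare_digest(rec["mac"], _mac(key, rec["prev_mac"], rec["entry"])):
            problems.append((i, "bad mac"))      # entry content edited after writing
        prev = rec["mac"]
    # Cutting off the tail leaves a valid chain, so compare against a MAC
    # stored outside the log (assumed to be kept by a separate system).
    if expected_last_mac is not None and prev != expected_last_mac:
        problems.append((len(log), "truncated or extended"))
    return problems


def sample_entry(n: int, action: str = "read") -> dict:
    """Constructed sample data modelled on the page's example entry."""
    return {"user_id": "dr_jane_smith", "workstation_id": "ws_04_floor2",
            "timestamp": f"2025-02-07T14:35:5{n}.123Z", "action": action,
            "resource_id": "pat_98765", "access_result": "success",
            "clinical_reason": "Patient follow-up appointment"}
```

The chain is only as trustworthy as the key: whoever can write the log should not also hold the HMAC key or the stored last MAC.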

References

  • 45 CFR §164.312(b) Audit Controls
  • 45 CFR §164.308(a)(5)(ii)(C) Log-in Monitoring
  • NIST SP 800-66 Rev. 2 - HIPAA Security Implementation Guidance
  • NIST SP 800-92 - Guide to Computer Security Log Management
  • HHS Office for Civil Rights Audit Protocols