scope:

Health(care) records form persistent evidence of health status and the provision and completeness of health(care) services, being retained in electronic and/or other media. Health(care) records often contain Protected Health Information (PHI), typically defined as "individually-identifiable health information", and thus incur safeguards exceeding the ordinary. The prime unit of health(care) record-keeping is the Entity/Act Record, the authenticatable unit of the health record, evidencing (documenting) the performance/completion of an Act by an Entity and preserving the Accountability Context of the Entity for the Act. (Note that the Entity/Act is central to Health Level Seven's Version 3 Reference Information Model.) Trusted stewardship, retention and interchange of Entity/Act Records/PHI requires vital safeguards such as traceability and audit. This Technical Report offers an information flow methodology for units of the health(care) record/PHI, particularly the Entity/Act Record, and specifies critical Trace Points (audit events) in that flow including: record/PHI origination, authentication, amendment, translation, access/use, transmittal/disclosure, receipt, de-identification/re-identification, archival, etc. This Technical Report offers an informative guide to trusted end-to-end information flow for health(care) records and to the key Trace Points and audit events in the electronic Entity/Act Record lifecycle (from point of record origination to each ultimate point of record access/use). It also offers recommendations regarding the trace/audit detail relevant to each. This Technical Report offers recommendations of best practice for healthcare providers, health record stewards, software developers and vendors, end users and other stakeholders, including patients.