Patient Records Journal

AngelTrack logs all reads of HIPAA-protected patient data.

The log is accessible to Administrators and Captains, under Settings.

HIPAA Requirement

AngelTrack's Patient Records Journal exists to satisfy the HIPAA requirement -- at §164.308(a)(1)(ii)(D) -- that all accesses of patient identifying information must be logged, and the log available for review. The journal shows who accessed the patient data, which patient they accessed, when they accessed it.

There is no way to modify or clear the Patient Records Journal. It will grow and grow, until records are automatically deletedafter two years.

You can view and sort the journal, filter by date range and patient name, and export the data to .CSV.

Actions That Trigger a Log Entry

The following actions in AngelTrack will trigger an entry in the journal:

1. Accessing any of these pages:
   1. Patient Edit
   2. PCR Patient
   3. PCR Billing
   4. PCR PMHx
   5. Coding
2. Opening the patient popup editor;
3. Viewing or printing or downloading a PCR run report;
4. Downloading NEMSIS XML data; or
5. Accessing any other view of the patient's PMHx or billing data.

Using the Journal for Data Leak Forensics

If you experience a leak of HIPAA-protected data and need to trace it back to a specific employee, the Patient Records Journal is the starting place. The journal can list all the dates and times that a particular patient record was accessed, and by whom. Once you rule out the appropriate accesses by dispatchers, crew members, QA reviewers, and billers, any other accesses will be leads in your investigation.

To learn more, read the Data Leak Forensics Guide.