Patient Records Journal / HIPAA Access Log

How AngelTrack tracks the access to PHI, and how you can comply with a patient's request for who's accessed their medical records

AngelTrack logs all reads of HIPAA-protected patient data.

The log is accessible to Administrators and Captains, under Settings.

This is Not Legal Advice

This document is not legal advice, and AngelTrack LLC does not provide legal counsel. This document is not a full or sufficient treatment of the subject. This document is not a substitute for professional legal advice.

You should consult your legal counsel before setting any contract prices, before offering any discount or gift to any customer, and before charging or accepting any bounty for delegated calls. 

HIPAA Requirement

AngelTrack's Patient Records Journal exists to satisfy the HIPAA requirement -- at §164.308(a)(1)(ii)(D) -- that all accesses of patient identifying information must be logged, and the log available for review. The journal shows who accessed the patient data, which patient they accessed, when they accessed it.

There is no way to modify or clear the Patient Records Journal. It will grow and grow, until records are automatically deleted after seven years.

You can view and sort the journal, filter by date range and patient name, and export the data to a CSV which you can view in Excel.

Actions That Trigger a Log Entry

The following actions in AngelTrack will trigger an entry in the journal:

  1. Accessing any of these pages:
    1. Patient Edit
    2. PCR Patient
    3. PCR Billing
    4. PCR PMHx
    5. Coding
  2. Opening the patient popup editor;
  3. Viewing or printing or downloading a PCR run report prinout;
  4. Using the offline PCR to run a call to which a patient record is attached;
  5. Downloading NEMSIS XML data;
  6. Pulling data from the Data Export Hub / Report Builder via any of these datasets:
    1. Dispatches-PatientIdent
    2. Patients
    3. Patients-Seen
  7. Accessing any other view of the patient's PMHx or billing data.

Using the Journal for Data Leak Forensics

If you experience a leak of HIPAA-protected data and need to trace it back to a specific employee, the Patient Records Journal is the starting place. The journal can list all the dates and times that a particular patient record was accessed, and by whom. Once you rule out the appropriate accesses by dispatchers, crew members, QA reviewers, and billers, any other accesses will be leads in your investigation.

To learn more, read the Data Leak Forensics Guide.