Audit Trail

16 December 2010

Q. What is an audit trail and what audit trail should a GP practice software system provide?

A. When you log onto your practice information system you provide your user name and password. The information system tracks your activities as you work in the electronic record. Typically, the system will track additions, changes or deletions you make to a patient record. For example, if you prescribe amoxicillin for a respiratory tract infection, the information system will know who prescribed, what they prescribed and when they prescribed. All this information is written, in the background, to an audit log.

A GP practice software system should provide the audit capability for system access and usage indicating the author, the modification (where pertinent), and the date and time at which a record was created, modified, extracted or deleted. Where an existing record was modified, the audit trail should contain the old and new versions of the modified record. Software systems accredited by the GPIT Group fulfill these capabilities. Older, non-accredited systems may not. A full description of the audit trail needed is described on page 86 of the document 'Requirements for Certification 2007' which is available from the publications and reports section of the GPIT web site, www.gpit.ie. The next cycle of software certification is likely to include the requirement to audit views of the records. This means that opening a record to view its contents will be logged.