Explanations are reasons why an access to a patient’s electronic medical record (EMR) took place. The system automatically discovers explanations, and represents them as appropriate or suspicious using the icons below:
Explanations align with an organization’s acceptable use policies, since they determine what is an inappropriate vs. an appropriate access.
Explanations are validated against documented encounters in the EMR and are enforced within the system when approved.
They can be modified to meet an organization’s unique workflow, and new explanations can be created manually. If the system can’t find an explanation for an access, it is labeled unexplained.
Unexplained accesses are neutral and require additional input from users to clarify.
Where do explanations come from?
Maize Explanation Based Auditing System (EBAS) integrates multiple datasets to find explanations:
· EMR Access Events (audit trails)
· Patient Encounters (appointments, orders, etc.)
· User Profiles
· Patient Information
· Human Resources Employee Data
The system uses machine-learning algorithms to find clinical and operational reasons for EMR accesses. Explanations are specific to each organization, since they are found by evaluating the combined datasets and making connections between unique user and patient relationships.
There are many reasons why a user may access a patient’s record. Explanations can include encounters, such as a patient having an appointment with a user. They can also include suspicious accesses, such as self-access:
Encounter – Interaction between a user and a patient (appointment, order, etc.). Encounters are documented in the EMR and provide a connection between the accessing user and the patient.
Note: Patient encounters are displayed on the View Full Access page under Patient Encounter Info. This section lists ALL patient encounters (occurring within the date range), along with the user that had the encounter with the patient. This information is documented in the EMR. When doing a manual review, the audit team would log in to the EMR to find documented evidence (user was part of the patient’s treatment team). Within EBAS, this determination is automatically made.
Access – Individually logged instance, or audit trail, of a user’s access to a patient’s record (i.e. what a user clicked on).
Note: Access events are represented in Search results, as well as within the View Full Access page under Patient/User Access Details. Access events represent what a user “clicked” on, NOT that they had a clinical or operational encounter with the patient. This is the same information (audit trail) that an audit team sees if they run an audit on a patient or user.
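
As an added illustration (not Maize's code, and a fixed-rule simplification rather than the machine-learning approach the system uses), the sketch below joins access events to documented encounters and HR data to label each access appropriate, suspicious, or unexplained. The field names, sample records, 30-day window, and the rule that self-access outranks an encounter are all assumptions.

```python
from datetime import date, timedelta

# Constructed sample data; field names and values are assumptions,
# not the product's schema.
ENCOUNTERS = [  # documented in the EMR: (user, patient, type, date)
    ("dr_lee", "P100", "appointment", date(2024, 3, 4)),
    ("rn_kim", "P100", "order", date(2024, 3, 5)),
]
# HR employee data linked to patient information: employees who are also patients.
EMPLOYEE_PATIENT_ID = {"rn_kim": "P200"}
ACCESSES = [  # audit trail: (user, patient, date of the logged click)
    ("dr_lee", "P100", date(2024, 3, 4)),
    ("rn_kim", "P200", date(2024, 3, 6)),
    ("clerk_a", "P100", date(2024, 3, 6)),
    ("dr_lee", "P100", date(2024, 6, 1)),
]

def explain(access, encounters=ENCOUNTERS, hr=EMPLOYEE_PATIENT_ID, window_days=30):
    """Return (label, explanations) for one access event."""
    user, patient, when = access
    suspicious, appropriate = [], []
    # Self-access: the accessing employee is the patient whose record was opened.
    if hr.get(user) == patient:
        suspicious.append("self-access")
    # Encounter: same user and patient, documented close enough to the access.
    window = timedelta(days=window_days)
    for e_user, e_patient, e_type, e_date in encounters:
        if (e_user, e_patient) == (user, patient) and abs(when - e_date) <= window:
            appropriate.append(f"encounter:{e_type}")
    if suspicious:  # assumed policy: a suspicious explanation takes precedence
        return "suspicious", suspicious + appropriate
    if appropriate:
        return "appropriate", appropriate
    return "unexplained", []  # neutral: needs reviewer input

def audit(accesses=ACCESSES):
    """Label every access in the audit trail."""
    return [(a, *explain(a)) for a in accesses]

if __name__ == "__main__":
    for access, label, reasons in audit():
        print(access[0], access[1], access[2].isoformat(), label, reasons)
```

The last sample access has a matching user and patient but falls outside the window, so it stays unexplained: a click in the audit trail is not evidence of an encounter.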
Activating Explanations
Explanations should align with the organization’s acceptable use policy. It’s important to validate explanations the system found, to ensure they meet your organization’s guidelines.
See a list of explanations the system found in your organization’s data by clicking the gears icon. With Maize-supervised machine-learning, you can turn explanations “on” or “off” to enforce future audits. You can also change which explanations appear as filters vs. flags. Active explanations will be applied to future audits. Inactive explanations will not. Check that active explanations are consistent with your organization’s policies.
Validating Explanations
During the implementation process, the system automatically activates explanations as it finds patient/user connections. These include encounters that are documented in the EMR and provide a connection between patients and users who may need to access their records. You can validate these explanations by following the steps below:
1. Go to the Search page and type any of the encounter(s), listed in your organization’s explanation list, in the Explanation box (located under Search Options).
2. Click the Flag or Check next to any access to reveal all the explanations for why this access may have occurred.
3. From the Search results, click the "i" icon to the left of any access to View Full Access.
The View Full Access page provides more details about a particular access event. It also outlines encounters between the patient and other users in the organization. Checking these details can further help validate the system’s findings and provides context for the particular access event.
Explanation Reports
See how effectively the system finds explanations for patient record accesses by clicking Reports. A list of all existing reports is at the bottom of the page. View reports using the links on the right side:
Each explanation report contains summary data about the total number of users, patients, and accesses—broken down by type (flagged, filtered, etc.). It also includes the proportion of accesses attributable to each explanation, and which departments had the highest number of unexplained accesses: