A National Minimum Health Log Standard; SAMILOG

Abstract

Aim: Health data is considered highly sensitive, and the protection of health data is an ethical and legal responsibility. Healthcare organizations use various security measures and techniques to adopt a secure electronic health records system, including keeping log data. HIS developers kept the log records according to their needs by making the necessary coding for the "change-delete" triggers. Therefore, the need to develop a common standard for keeping diaries in health information systems was felt. This standard was considered a guide for software developers. This standard was named SAMILOG (Minimum Log Standards in Health). In this study, the development process of SAMILOG is explained. Method: Focus group meetings were held with seven developer companies. Several scenarios of unauthorized access or data breaches in a health information system were created. The participants discussed each scenario and evaluated the best methods for keeping logs and which data should kept log in each case. Previously, a standard called VEM was developed to assist data migration, when HIS software of a hospital changes. The data field names of VEM standard were also used in this new standard. Results: In SAMILOG 1.0, it was defined which of the data elements in each VEM set should be logged, it required an update for SAMILOG as the VEM was updated. Conclusion: SAMILOG v1.0 was announced in 2016. In case of a security breach related to the past in the health data of public hospitals in Turkey, primarily the data logged within the scope of SAMILOG are examined.