Audit Responsibility and Workflow

The portal has an optional feature called audit report check. This feature may be enabled and enforced in your portal. It can help ensure that your group/practice is safeguarding protected health information (PHI) and using the portal in compliance with your organization's legal, privacy, and security policies. Your designated group/practice administrator may be authorized and required to run audit reports and participate in the periodic user access review (PUAR) workflow. See the Help topics below for more information about audit responsibility, PUAR workflow, and audit report check. 

Audit Responsibility and Workflow Help

- Periodic User Access Review Workflow
Authorization
Audit Requirement
Audit Report Check
Audit Report Review Responsibility Message
Reports to Monitor Audit Report Review Responsibility Status
Audit Report Review
Audit Report Review Message for Group/Practice Administrators
Audit Report Review Message for Group/Practice Users
Audit Report Review Message for Group/Practice Administrators When Zero Days Remain in Grace Period
System Notification - Group/Practice Administrator Limited Functionality
System Notification - User Locked Out
- Run Audit Reports Before Grace Period
Run Audit Reports During Grace Period
- Run Audit Reports When Zero Days Remain in Grace Period
Export Reports to Microsoft Excel 
Tips for Reviewing Commonly Used Audit Reports
System Available Email
- A - Audit Report History Report
- Audit Report Review FAQs

Periodic User Access Review Workflow

The periodic user access review (PUAR) workflow is part of the audit report check feature. The purpose of the workflow is to help facilitate regular review of designated audit reports by authorized group/practice administrators. This helps to ensure that patient health information is safeguarded, and that users are using the portal in compliance with your organization's policies.

Enhanced PUAR workflow describes functionality that is available in the latest version of the audit report check feature. 

Authorization

To participate in the PUAR workflow, you must be authorized to run audit reports and have additional authorization for the PUAR workflow. If you are designated as a group/practice administrator, you may be authorized and required to participate in the PUAR workflow for your group/practice. Other administrators, such as portal administrators, may be authorized to monitor the overall status of the PUAR workflow.  

Audit Requirement 

To ensure that your group/practice is safeguarding PHI and using the system in compliance with your organization's legal, privacy, and security policies, your designated group/practice administrator may be authorized to participate in the PUAR workflow and required to run and review audit reports on a regular basis. If your group/practice has multiple administrators authorized for the PUAR workflow, each designated report must be run and reviewed by at least one of them to satisfy the audit requirement for the review period. The same administrator is no longer required to run all reports.

Audit Report Check

In accordance with your legal, privacy, and security policies, designated group/practice administrators may be required to periodically run and review audit reports to monitor portal use. Audit report check is a portal feature that can help organizations comply with audit requirements. System settings provide audit report check implementation flexibility. Options range from audit report check not being enabled, to enabled but not enforced, to enabled and enforced. PUAR is the workflow associated with the audit report check feature.

Audit Report Review Responsibility Message

The enhanced PUAR workflow includes an optional configurable responsibility acknowledgement message. A system setting is used to determine if the message is used in your portal. If enabled, the system displays the Audit Report Review Responsibility dialog box to you only if you are authorized to run audit reports and participate in the PUAR workflow. The message is intended to remind you of your responsibility to audit system use and to capture your agreement to accept this responsibility. The A - Audit Report Responsibility Practice Status and A - Audit Report Responsibility User Status reports are available for portal administrators to track user responses to the Audit Report Review Responsibility message.     

Audit Report Review Responsibility message details:

If enabled, the Audit Report Review Responsibility dialog box is displayed when you take one of the following actions:

  • You log in to the portal and are authorized in your default group-role to run audit reports and participate in the PUAR workflow.
    • If you select Agree, your response is logged, and you will not receive the message again for your default group-role.
    • If you select Cancel, your response is logged, and you are redirected to the log-in page.
  • You are in the portal, change your group-role, and are authorized to run audit reports and participate in the PUAR workflow in the group-role you select.
    • If you select Agree, your response is logged, you change to the selected group-role, and you will not receive the message again for the selected group-role.
    • If you select Cancel, your response is logged, you are prevented from changing to the selected group-role, and you are redirected to your current group-role.  

Audit Report Review Responsibility Message Example (Enhanced PUAR Workflow): 

     

Reports to Monitor Audit Report Review Responsibility Status

If you are a portal administrator, use the following reports to monitor responses to the Audit Report Review Responsibility message (applies only if your system is configured to display the Audit Report Review Responsibility dialog box): 

A - Audit Report Responsibility Practice Status

The A - Audit Report Responsibility Practice Status report is associated with the enhanced PUAR workflow and the Audit Report Review Responsibility message. The report lists all groups/practices in the group hierarchy of the person running the report. For each group/practice, the report identifies the group/practice administrators authorized to participate in the PUAR workflow. It indicates the acknowledgement status and date of each group/practice administrator's response to the Audit Report Review Responsibility message.  

Report Columns:

A - Audit Report Responsibility Practice Status 

Column Name Column Description
User Group Group name associated with the group/practice.
User Role Role associated with the user authorized to participate in the PUAR workflow. If no user is authorized for the group, None Assigned is displayed.
User Name First and last name of the user authorized to participate in the PUAR workflow. If no user is authorized for the group, None Assigned is displayed.
User Email Email address associated with the authorized user. If no user is authorized for the group, Not Available is displayed.
User Phone Phone number associated with the authorized user. If their phone number is not in the system or no user is authorized for the group, Not Available is displayed.
Status Authorized user’s response to the message in the Audit Report Review Responsibility dialog box. Column contains one of the following values:
Agreed – User selected Agree in the dialog box.
Canceled – User selected Cancel in the dialog box.
Not Acknowledged – User did not log in to the portal, or while logged in did not change to a group-role in which the user is authorized to participate in the PUAR workflow, and therefore did not encounter the dialog box. 
NA – Group does not have a user authorized to audit system use.
Date Date the authorized user selected either Agree or Cancel in the Audit Report Review Responsibility dialog box.

A - Audit Report Responsibility User Status

The A - Audit Report Responsibility User Status report is associated with the enhanced PUAR workflow and the Audit Report Review Responsibility message. It identifies group/practice administrators, in their assigned group/practice, who encountered the Audit Report Review Responsibility dialog box. Their acknowledgement status, either Agreed or Canceled, is displayed in the report Status column. You can filter the report by Begin Date and End Date.

Report Columns:

A - Audit Report Responsibility User Status

Column Name Column Description
User Group Group in context when the user acknowledged the message in the Audit Report Review Responsibility dialog box. 
User Role Role in context when the user acknowledged the message in the Audit Report Review Responsibility dialog box.  
User Name First and last name of the user authorized to participate in the PUAR workflow. 
User Email Email address associated with the authorized user.
User Phone Phone number associated with the authorized user. If their phone number is not in the system, Not Available is displayed.
Status Authorized user’s response to the message in the Audit Report Review Responsibility dialog box. Column contains one of the following values:
Agreed – The user selected Agree in the dialog box.
Canceled – The user selected Cancel in the dialog box.
Date Date the user selected either Agree or Cancel in the Audit Report Review Responsibility dialog box. 

Audit Report Review 

To help ensure that compliance with your organization's legal, privacy, and security policies, your group/practice administrator may be required to periodically run and review designated audit reports to monitor system use. For example, your system may be configured for the A - Active Users, A - Global Search Report, and A - Practice Physicians reports to be run and reviewed every 90 days to ensure that the portal is being accessed and used according to policy. 

A grace period for running the reports can be configured in the system. For example, you can have a 90-day review period followed by a 15-day grace period. Grace period applies only when audit report check is enforced.  

The following are consequences if audit report check is enforced and reports are not run before the grace period ends:

Group/Practice Administrator Limited Functionality

If your system is configured to enforce audit report check and reports are not run before the grace period ends, the system enforces that all authorized group/practice administrators have access to limited portal functionality until the reports are run. Full functionality is restored to the administrators immediately after the reports are run.

Note:

  • In the enhanced PUAR workflow, in addition to the impact on authorized group/practice administrators, group/practice users are impacted.
    • Users are locked out of portal functionality.
    • Full functionality is restored to everyone in the organization immediately after the reports are run.
  • You can change group-role while in a limited functionality state. 

Also see System Notification - Group/Practice Administrator Limited FunctionalityUser Locked Out, and System Available Email

User Locked Out

In the enhanced PUAR workflow, if your system is configured to enforce audit report check and reports are not run before the grace period ends, all users are impacted. The system enforces that an authorized group/practice administrator runs the reports before users can access full portal functionality. Before the enhanced PUAR workflow, only authorized group/practice administrators lost access to full portal functionality. In the enhanced PUAR workflow, full functionality is restored to everyone in the organization immediately after the reports are run.

Note: You can change group-role while in a locked-out state.

Also see System Notification - User Locked Out, Group/Practice Administrator Limited Functionality, and System Available Email  

Audit Report Review Message for Group/Practice Administrators

If you are an authorized group/practice administrator, the system displays the Audit Report Review message to you if reports are not run before the review period ends. The message is configurable. When audit report check is enforced, the message is intended to notify you that you are in the grace period and remind you to run the reports. Grace period does not apply when audit report check is not enforced.

When audit report check is enforced and the reports are not run before the grace period ends, all authorized group/practice administrators have limited access to portal functionality until the reports are run.

In the enhanced PUAR workflow, when audit report check is enforced:

  • Now an Audit Report Review message is displayed to group/practice users when the review period ends and you are in the grace period; for specific details see Audit Report Review Message for Group/Practice Users.
  • Now all users in your group/practice are impacted and unable to access full system functionality if reports are not run before the grace period ends.

Selecting OK or Cancel in Audit Report Review Dialog Box

When the configured review period ends and reports have not been run, the system displays the Audit Report Review dialog box to authorized group/practice administrators as a reminder to run reports. OK or Cancel are the two options in the dialog box. See below for more information.  

When audit report check is enforced
When audit report check is enabled but not enforced

When audit report check is enforced

During the grace period, if audit report check is enforced, the system displays the Audit Report Review dialog box under the following conditions: 

  • When you log in to the portal, if you are authorized in your default group-role to run audit reports and participate in the PUAR workflow. 
    • If you select OK, you have access to full portal functionality; it is recommended that you run reports now before the grace period ends.    
    • If you select Cancel, you are redirected to the log-in page.
  • When you are logged in to the portal and select to change your group-role and are authorized to run audit reports and participate in the PUAR workflow in the group-role you select.
    • If you select OK, you have access to full portal functionality; it is recommended that you run reports now before the grace period ends.
    • If you select Cancel, you are prevented from changing to the selected group-role and you are redirected to your current group-role.

When audit report check is enabled but not enforced

When audit report check is enabled but not enforced, the system displays the Audit Report Review dialog box under the following conditions:

  • When you log in to the portal if you are authorized in your default group-role to run audit reports and participate in the PUAR workflow.
    • If you select OK, you have access to full portal functionality, but if the reports are not run, the Audit Report Review message is displayed to you every time you log in.    
    • If you select Cancel, you are redirected to the log-in page.
  • When you are logged in to the portal and select to change your group-role and are authorized to run audit reports and participate in the PUAR workflow in the group-role you select.
    • If you select OK, you have access to full portal functionality, but if the reports are not run, the Audit Report Review message is displayed to you every time you change to that group-role.
    • If you select Cancel, you are prevented from changing to the selected group-role and you are redirected to your current group-role.  

Group/Practice Administrator Audit Report Review Message When Audit Report Check is Enforced Example (Enhanced PUAR Workflow):

Audit Report Review Message for Group/Practice Users

In the enhanced PUAR workflow, if you are a group/practice user not authorized to participate in the PUAR workflow, the Audit Report Review message is displayed to you when all of the following conditions are met:

  1. Audit report check is enforced in the system.
  2. Your group/practice has at least one authorized administrator.
  3. The review period ended, and your authorized group/practice administrators are in the grace period for running audit reports and the reports have not been run. 

Select OK in the Audit Report Review dialog box to access full system functionality. When you log in or change your default group-role the Audit Report Review message will continue to be displayed to you until an authorized group/practice administrator runs the reports or zero days remain in the grace period. 

Note: When zero days remain in the grace period and the reports have not been run, you are locked out of system functionality for your group-role in context. Full system functionality is restored immediately after an authorized group/practice administrator runs the reports. You can change group-role while in a locked-out state. 

Also see System Notification - User Locked Out  

Group/Practice User Audit Report Review Message Example (Enhanced PUAR Workflow):

Audit Report Review Message for Group/Practice Administrators When Zero Days Remain in Grace Period

In the enhanced PUAR workflow, when audit report check is enforced, all users in your group/practice are impacted and unable to access full system functionality when zero days remain in the grace period and reports have not been run. Previously, only authorized group/practice administrators were impacted.

Also see System Notification - User Locked Out

Selecting OK or Cancel in Audit Report Review Dialog Box When Zero Days Remain in Grace Period

When audit report check is enforced and zero days remain in the grace period, the system displays the Audit Report Review dialog box to authorized users under the following conditions: 

  • When you log in to the portal and are authorized in your default group-role to run audit reports and participate in the PUAR workflow.
    • If you select OK, you have access to limited portal functionality and are redirected to the Audit Reports page to run reports.
    • If you select Cancel, you are redirected to the log-in page.
  • When you are logged in to the portal and select to change your group-role and are authorized to run audit reports and participate in the PUAR workflow in the group-role you select.
    • If you select OK, you have access to limited portal functionality and are redirected to the Audit Reports page to run reports.
    • If you select Cancel, you are prevented from changing to the selected group-role and are redirected to your current group-role. 

Group/Practice Administrator Audit Report Review Message When Zero Days Remain in Grace Period Example (Enhanced PUAR Workflow):

System Notification - Group/Practice Administrator Limited Functionality

Authorized group/practice administrators are redirected to the Audit Reports page to run designated reports when the following conditions are met:

  1. Audit report check is enforced in the system.
  2. Zero days remain in the configured grace period and the reports have not been run.
  3. The authorized group/practice administrator selects OK in the Audit Report Review dialog box. 

Note:

  • In the enhanced PUAR workflow, under the above conditions, all group/practice users are impacted and unable to access full system functionality until reports are run.
    • Previously, only authorized group/practice administrator access to portal functionality was impacted.
  • You can change group-role while in a limited functionality state.

Also see System Notification - User Locked Out and Run Audit Reports When Zero Days Remain in Grace Period

Group/Practice Administrator Audit Reports Page Example:

System Notification - User Locked Out

In the enhanced PUAR workflow, if you are a group/practice user not authorized to participate in the PUAR workflow, the System Notification - User Locked Out page is displayed to you when all of the following conditions are met:

  1. Audit report check is enforced in the system.
  2. Your group/practice has at least one authorized administrator.
  3. Zero days remain in the configured grace period and an authorized group/practice administrator has not run the reports.

You are locked out of system functionality for your group-role in context. You can change group-role while in a locked-out state. Full system functionality is restored to all group/practice users immediately after an authorized group/practice administrator runs the last required report. 

Group/Practice User System Notification - User Locked Out Example (Enhanced PUAR Workflow):

Run Audit Reports Before Grace Period

Grace period applies only when audit report check is enforced. Knowing which audit reports you are required to run is a prerequisite for running the reports before the grace period starts.

Also see Run Audit Reports During Grace Period.

Running reports before the grace period starts includes the following positive impacts:

Complete the following steps to run audit reports before the grace period starts:

  1. Select  Reports from the menu bar.
  2. Select one of your designated audit reports from the Reports List on the Audit Reports page. 
    • Report Description is displayed below the Reports List.    
  3. If filters are available, value them as required to produce the intended report. An asterisk indicates that the filter is required. If filters, such as Begin Date and End Date, are available, they are displayed when the report is selected. 
  4. Select Search to run the report. The system displays the report on the page. 
    • If you want to sort the report, select a column heading. 
      •  next to the column heading indicates an ascending sort order, for example a to z, or 1 to 10, or oldest date to most recent date.
      •  indicates a descending sort order, for example z to a, or 10 to 1, or most recent date to oldest date.
    • If you want to view a different page of report results, scroll down and select a page number, or use the arrows to go to a page.
    • If you want to change the number of report rows displayed per page, select a different Page Size
    • If you want to see a full screen view of the report, select Expanded View
    • If you want to close Expanded View, select Previous View.
    • If you want to export the report to Microsoft Excel, select Export to Excel.
    • If you want to remove the search filters and revert to the default values, select Clear.  
  5. Review the report to ensure that your group/practice is using the portal in compliance with your organization's policies. See Tips for Reviewing Commonly Used Audit Reports and Audit Report Review FAQs for more information. 
  6. If a discrepancy is found, follow your organization's procedures to report it. 
  7. Repeat Steps 3-7 for each audit report you are required to run.

Run Audit Reports During Grace Period

Grace period applies only when audit report check is enforced.

Complete the following steps to run audit reports during the grace period:

  1. If you are an authorized group/practice administrator, when you log in to the portal or change group-role, the system displays the Audit Report Review dialog box to notify you when you are in the grace period for running reports. Read the message, note the reports listed, and select OK to attest to the audit requirement and proceed. 
  2. Select  Reports from the menu bar.
  3. Select one of your designated audit reports from the Reports List on the Audit Reports page.  
    • Report Description is displayed below the Reports List.    
  4. If filters are available, value them as required to produce the intended report. An asterisk indicates that the filter is required. If filters, such as Begin Date and End Date, are available they are displayed when the report is selected. 
  5. Select Search to run the report. The system displays the report on the page.  
    • If you want to sort the report, select a column heading. 
      •  next to the column heading indicates an ascending sort order, for example a to z, or 1 to 10, or oldest date to most recent date.
      •  indicates a descending sort order, for example z to a, or 10 to 1, or most recent date to oldest date.
    • If you want to view a different page of report results, scroll down and either select a page number, or use the arrows to go to a page.
    • If you want to change the number of report rows displayed per page, select a different Page Size.
    • If you want to see a full screen view of the report, select Expanded View.  
    • If you want to close Expanded View, select Previous View.
    • If you want to export the report to Microsoft Excel, select Export to Excel.
    • If you want to remove the search filters and revert to the default values, select Clear
  6. Review the report to ensure that your group/practice is using the portal in compliance with your organization's policies. See Tips for Reviewing Commonly Used Audit Reports and Audit Report Review FAQs for more information. 
  7. If a discrepancy is found, follow your organization's procedures to report it. 
  8. Repeat Steps 4-8 for each audit report you are required to run.  

Run Audit Reports When Zero Days Remain in Grace Period

Grace period applies only when audit report check is enforced. If you are an authorized group/practice administrator, when you log in to the portal or change group-role, the system displays the Audit Report Review dialog box notifying you that zero days remain in the grace period. See the example below.

Audit Report Review Dialog Box When Zero Days Remain in Grace Period Example:

Complete the following steps to run audit reports when zero days remain in the grace period:

  1. Select OK in the Audit Report Review dialog box. You are redirected to the Audit Reports page and the reports that must be run to restore access to full system functionality are listed. This is an example: 
  2. Select a designated audit report from the Reports List. 
    • Report Description is displayed below the Reports List. 
  3. If filters are available, value them as required to produce the intended report. An asterisk indicates that the filter is required. If filters, such as Begin Date and End Date, are available they are displayed when the report is selected. 
  4. Select Search to run the report. The system displays the report on the page.   
    • If you want to sort the report, select a column heading. 
      •  next to the column heading indicates an ascending sort order, for example a to z, or 1 to 10, or oldest date to most recent date.
      •  indicates a descending sort order, for example z to a, or 10 to 1, or most recent date to oldest date.
    • If you want to view a different page of report results, scroll down and either select a page number, or use the arrows to go to a page.
    • If you want to change the number of report rows displayed per page, selection a different Page Size
    • If you want to see a full screen view of the report, select Expanded View
    • If you want to close Expanded View, select Previous View.
    • If you want to export the report to Microsoft Excel, select Export to Excel.
    • If you want to remove the search filters and revert to the default values, select Clear.
  5. Review the report to ensure that your group/practice is using the portal in compliance with your organization's policies. See Tips for Reviewing Commonly Used Audit Reports and Audit Report Review FAQs for more information. 
  6. If a discrepancy is found, follow your organization's procedures to report it. 
  7. Repeat Steps 2-6 for each audit report you are required to run.

After you run the designated reports, access to full system functionality is restored to all authorized administrators in your group/practice. In the enhanced PUAR workflow, full system functionality is also restored to all other users in your group/practice and a system available email is sent to all active users regardless of configured role.

Export Reports to Microsoft Excel

Microsoft Excel or a .XLS / .XLSX compatible application is required to export reports to Excel.

Complete the following steps to export a report to Excel:

  1. Run a report
  2. Select Export to Excel, located above the column headings row. 
  3. The report is exported to a worksheet in .XLS or .XLSX format. The file is not encrypted or password protected.
  4. Depending on your browser and settings, a dialog box may be displayed. If displayed, select what to do with the file, for example open, save, or save as. Complete any additional steps required for the selected action.

Tips for Reviewing Commonly Used Audit Reports

If you are an authorized group/practice administrator, you may be required to run and review designated audit reports on a regular basis. Three such reports are the Active Users, Global Search, and Practice Physicians reports. Select each of the following reports for more information:

A - Active Users

The A - Active Users report contains information to facilitate active management of user accounts for users in your group/practice. The report can help you identify accounts to extend or remove. User accounts are sorted in the following default order: 

  1. Users with an expired account
  2. Users with a disabled account
  3. Users with an account that will expire in the next 100 days
  4. Other users
  5. LDAP users

The report has the following columns to help you track and follow up on accounts that need attention:

Column Name Column Description
Admin Action Required This column is valued to Action Needed if the user account is expired, disabled, or expiring in the next 100 days.
Extend? Export the report to Excel and use this column to mark the user accounts to extend.
Remove? Export the report to Excel and use this column to mark the user accounts to remove.
User ID The username associated with the account.
Number of Days until Account Expiration This column is valued to Expired for expired accounts, otherwise it contains the number of days until the account expires.
Number of Days until Account Disabled Due to Inactivity  This column is valued to Disabled for disabled accounts, otherwise it contains the number of days until the account is disabled due to inactivity.
Failed Login Attempt Locked Out This column is valued to Yes if a user account is locked due to unsuccessful log-in attempts, otherwise it is valued to No.
User First Name The first name of the user associated with the account.
User Last Name The last name of the user associated with the account.
Email The email of the user associated with the account.
User Group The user's assigned group.
User Role The user's assigned role.
Date of Last System Logon The date and time that the user last logged in.

 

Objective: Review the A - Active Users report to identify users who are no longer with the group/practice and other accounts that need attention.

Action: Export the report to Excel. Use the Extend and Remove columns to mark the action to take with each user account that needs attention. Use one of the following methods to notify Provider Portal Support of the group/practice and the user accounts to extend or remove: 

  • From the Contact Us page, select Submit Support Request. Provide the required information and submit your request.
  • Log a service record (SR) in eService to the solution of Provider Portal.

A - Global Search Report

The A - Global Search Report provides a list of users in your assigned group/practice who used the Global Search utility to access patient information during a specified date range. It includes the following information:

  • Details about the user who performed the search
  • Patient information entered to perform the search, for example:
    • First name
    • Last name
    • Date of birth
    • SSN
    • MRN
  • Search reason
  • Date and time of search

Objectives:

  1. Review the A - Global Search Report report to identify inappropriate viewing of patient information. For example, searches for family members or celebrity names, searches at an unusual time of day, or searches by unauthorized users.
  2. Ensure that a valid reason is provided for each search.
  3. Ensure that all patients listed are associated with physicians in the group/practice.

Action: Report inappropriate viewing of patient information to a designated compliance contact in your organization or follow your organization's procedures to report misuse of the Global Search utility.    

A - Practice Physicians

The A - Practice Physicians report provides a list of all physicians who have results routed to the group/practice. The report contains physician information including the following details:

  • Name
  • ID
  • Status (active, inactive)

Objective: Review the A - Practice Physicians report to identify physicians who should not have results routed to the group/practice.

Action: Use one of the following methods to notify Provider Portal Support of the group/practice and the physicians who should not route results to it: 

  • From the Contact Us page, select Submit Support Request. Provide the required information and submit your request.
  • Log an SR in eService to the solution of Provider Portal.

System Available Email

In the enhanced PUAR workflow, a system available email is sent to all active group/practice users, regardless of configured role, when access to full system functionality is restored following a lockout. The email is sent when an authorized administrator for the group/practice runs the last required report.

A - Audit Report History Report 

On the A - Audit Report History report, the system displays groups/practices and indicates if they are current or overdue with running required audit reports. 

  • The latest columns added to the A - Audit Report History report are described below:

Column Name Column Description
Grace Period Days Remaining The number of days left in the grace period when the report is in an overdue status. This value is calculated using system setting C-Number of Days for Audit Report Grace Period.
Days Until Due The number of days left until reports are due to be run again when the report is in a current status. This value is calculated using system setting C-Maximum Number of Days Between Audit Report Checks. 
Authorized Users The first and last name of all users responsible for running audit reports as part of the PUAR workflow. An authorized user is any user who is associated with the practice and is assigned the Reports-AuditAttestationAccess system authorization.
User Email The email address associated with each authorized user.
User Phone The phone number associated with each authorized user. If their phone number is not in the system, Not Available is displayed.  

 

  • The latest columns modified on the A - Audit Report History report are described below:  

 

Column Name Modification Description
Status

Now the three values for Overdue status are:
Overdue
The reports are overdue and system setting C-Enforce Audit Report Check (N/Y) is set to N. 
Overdue – Within Grace Period
The reports are overdue, days remain in the configured grace period, and system setting C-Enforce Audit Report Check (N/Y) is set to Y.
Overdue – Locked Out
The reports are overdue, zero days remain in the configured grace period, and system setting C-Enforce Audit Report Check (N/Y) is set to Y.


Previously, the Overdue – Outside Grace Period status indicated that the grace period was used when the reports were not enforced, meaning when system setting C-Enforce Audit Report Check (N/Y) was set to N. However, the grace period is not used in this scenario. The Overdue – Outside Grace Period status now is renamed Overdue.

Date Last Attested

Now a value is displayed in this column independent of the value in the Status column. Previously a value was displayed in this column only when the Status column had a value other than Current.  

User Last Attested

Now a value is displayed in this column independent of the value in the Status column. Previously a value was displayed in this column only when the Status column had a value other than Current. 

 

Audit Report Review FAQs

The audit report review frequently asked questions (FAQs) may be helpful for your organization. The FAQs are particularly relevant if your organization designated the Active Users, Practice Physicians, or Global Search Report as required audit reports. It is possible that these FAQs do not apply to you and how your organization is using the audit report check feature.  

- The system notified me that I am required to run audit reports. What do I do with the reports?
- What if reports list users who are no longer with the group/practice?
- What if some people in my group/practice are not listed on the Active Users report?
- Why is the same physician listed multiple times on the Practice Physicians Report?
- What if some of my practice physicians are missing from the Practice Physicians Report?
- What do I do with the Global Search Report?
- How do I update my user account to remove the requirement to run the reports?

The system notified me that I am required to run audit reports. What do I do with the reports?

As someone who is set up as a group/practice administrator in the system and authorized to participate in the PUAR workflow, you are required to run and review reports to ensure that the system is being used according to policy. Improper user access, patient searches, or results routing must be prevented or reported through your organization's compliance channels.

When the designated reports are run, the system tracks that the compliance requirement was met. The requirement is to review the reports and act on items that are out of policy. A requirement to print, save, or send the reports does not exist in the system. Some groups/practices have large reports to review. In this case, it may be easier to export the report to Excel to review the data.

Note: The Global Search Report contains protected health information (PHI). If you export it to Excel, do not save it in an unencrypted format or on an unencrypted device. Permanently delete or destroy this report promptly after review. 

What if reports list users who are no longer with the group/practice?  

Use one of the following methods to notify Provider Portal Support of the group/practice and the user accounts to remove from it: 

  • From the Contact Us page, select Submit Support Request. Provide the required information and submit your request.
  • Log a service record (SR) in eService to the solution of Provider Portal.

See also: A - Active Users

What if some people in my group/practice are not listed on the Active Users report?

Follow your health system's established process to request new Provider Portal user accounts.

See also: A - Active Users

Why is the same physician listed multiple times on the Practice Physicians report? 

The Practice Physicians report lists all physician IDs assigned to the group/practice for results routing. One physician can have multiple IDs depending on the number of systems sending results to the portal. Review this report to flag physicians who should not have results routed to your group/practice. Use one of the following methods to notify Provider Portal Support of the group/practice and the physicians who should not route results to it: 

  • From the Contact Us page, select Submit Support Request. Provide the required information and submit your request.
  • Log an SR in eService to the solution of Provider Portal.

See also: A - Practice Physicians   

What if some of my practice physicians are missing from the Practice Physicians report?

If the provider has a portal user account but is not on the Practice Physicians report, it is because the provider is not associated with the practice for results routing. That association occurs only if the health system submits a request to assign a provider for results routing. Having user credentials for Provider Portal does not always mean that a physician will have results routing to a practice location.

If you want to know why a physician does not route results to your practice, use one of the following methods to contact Provider Portal Support: 

  • From the Contact Us page, select Submit Support Request. Provide the required information and submit your request.
  • Log an SR in eService to the solution of Provider Portal.

See also: A - Practice Physicians

What do I do with the Global Search Report?

The purpose of the Global Search Report is to check for out-of-policy viewing of patient records. To run the report, you need to specify a date range covering the last 90 days. Look for and review suspicious activity such as searches for VIP or celebrity names, searches for self or family members, searches at an unusual time of day, or viewing by unauthorized or past users. In addition, ensure that a legitimate search reason was entered. If suspicious activity is found, report your findings to the compliance contact designated by your health system. 

See also: A - Global Search Report

How do I update my user account to remove the requirement to run the reports?

If you are assigned a group/practice administrator role in the system, you may be authorized and required to run and review audit reports on a regular basis. If you are approved to be relieved of PUAR duties, another group/practice user must be set up in the system to assume the responsibility. Use one of the following methods to request this change: 

  • From the Contact Us page, select Submit Support Request. Provide the required information and submit your request.
  • Log an SR in eService to the solution of Provider Portal.
Copyright Cerner Corporation. All rights reserved.