Security Modifications Audit Report (HIPAA)
Purpose
The Security Modifications Audit Report displays information about users who accessed or performed functions in the Admin Tool or Admin > Settings > Capacity Management component (such as adding or editing users or modifying passwords).
Description
Note: To generate this report, you must have the Access Application Level HIPAA Audit Data permission. The report displays only records associated with users selected in the report criteria whose base units are within the campus selected in the report criteria. If no campus is selected in the report criteria, records are returned from all campuses that the selected user had access to. If no users were selected, then the report displays records associated with all users whose base units are within the selected campus. The users who made the modifications are shown. The parameters that were selected when the report was generated (such as campus, date and time range for the base campus of the user who generates the report, or names of users who made modifications) appear on the report.
Note: Dates and times appear in the format configured in the Admin Tool component or in Admin > Settings > Capacity Management. For example, dates might appear in dd/mm/yyyy format (07/05/2016 is May 7, 2016) and times might appear in twenty-four-hour format (16:00 is 4 PM).
For each user who made modifications and who meets the criteria selected when the report was generated, the following information is displayed on the report.
Name | Description |
IVR ID and name of user who made the modifications | Each user who made modifications and who meets the report criteria is listed. The user's IVR ID is shown as User <IVR ID #>. The user's last name and first name appears. For example, User 1111 Browne, Pat means that the user Pat Browne, who has an IVR ID of 1111, made the modifications listed. If Interface appears, then a transaction was completed automatically. The information described in the following rows of this table appears under the IVR ID and name of each user who made modifications. |
Campus | Select a campus to limit the report to display only records from that campus for the selected user during the Date and Time Range. If no campus is selected in the report criteria, records are returned from all campuses that the selected user had access to during the Date and Time Range. |
Date | The date of each transaction associated with the user (for example, the date that the user reset a PIN, added a group, or selected an assignment or membership for the day). The date is displayed as the local date for the base campus of the user who generates the report. |
Time | The time of each transaction associated with the user (for example, the time that the user reset a PIN, added a group, or selected an assignment or membership for the day). The time is displayed as the local time for the base campus of the user who generates the report. |
Transaction Type | The kind of modification that the user made (for example, updating a group, selecting an assignment for the day, adding a user, removing a user's assignment, or updating a user profile). Only the transaction types that were selected in the Transaction Types list when the report criteria was selected appear. For example, if Add Role was NOT selected as a transaction type when the report was generated, then even if a user added a role, that transaction does not appear on the report. If no transaction types were selected, all types appear. |
Target Record | The type and the specific description of the record that was changed. (For example, User:CSmith means that the user record for the user name CSmith was changed in the transaction. Role:AdminRole means that a role called AdminRole was changed.) |
IP/IVR | The workstation IP address used to perform the transaction. If the transaction was performed over the IVR, this column displays IVR. |