Audit Trail

The audit trail is a comprehensive, tamper-proof record of every action taken within SystmOne. It supports accountability, patient safety, clinical governance, and compliance [1].

Key Message

Every action is recorded. Audit entries cannot be deleted, modified, hidden, or tampered with [1].


What Is an Audit Trail?

An audit entry captures the five Ws of every system action [1]:

  • WHO: User ID ⋅ full name ⋅ role or designation
  • WHAT: Action performed (view, create, edit, delete, mark in error)
  • WHEN: Precise timestamp & event date
  • WHERE: Location in system (node/module and patient record)
  • WHY: Reason provided for corrections and significant changes

This permanent log supports clinical governance, medicolegal protection, and regulatory compliance.


Why the Audit Trail Exists

| Purpose | How the Audit Trail Supports It |
|---|---|
| Accountability | Every action is traceable to an individual user |
| Patient safety | Enables investigation of documentation and medication errors |
| Clinical governance | Provides evidence of procedure adherence and protocol compliance |
| Medicolegal protection | Supports complaint handling with a complete timeline |
| Quality assurance | Identifies patterns in errors or inappropriate access |
| Regulatory compliance | Supports MOH requirements, ISO 27001 9.4.5 / 12.4, and ISO 9001 [2] |
| Data security | Detects unauthorized access and suspicious activity |

What Gets Recorded

The audit trail captures every meaningful interaction with patient data:

  • Login and logout events
  • Patient record access and viewing
  • Documentation created, modified, or marked in error
  • Prescriptions issued or amended
  • Appointments booked, moved, or cancelled
  • Test and procedure orders placed
  • Data exports or printing
  • Demographic changes
  • System configuration changes (administrators)

Patient Context

Each entry also records the patient identifier (IC number) affected, the result (success or failure), and before/after values where applicable.


Error Corrections Are Permanently Logged

When you correct a mistake, the audit trail does not erase the original action — it adds to the story. This is one of the most important behaviors to understand.

| Correction Action | What the Audit Trail Records |
|---|---|
| Mark In Error | User, timestamp, reason provided, original entry content, patient affected |
| Reinstate entry | User, timestamp, entry reinstated, justification |
| Registration changes | Before/after values (IC, name, DOB) and approval details |
| Medication amendments | Original prescription details, changes made, coordination notes |
| Appointment changes | Original booking, updated details, reason, user who modified |
| Late entry documentation | Actual event date vs. entry date, backdate reason |

When Is the Audit Trail Reviewed?

| Scenario | What Is Reviewed | Purpose |
|---|---|---|
| Patient complaint | Record access and changes | Investigate alleged breach or error |
| Documentation discrepancy | Changes to specific entries | Verify correction procedures were followed |
| Medication error investigation | Prescription history and amendments | Establish timeline and responsibility |
| Security incident | Unusual access patterns, failed logins, after-hours access | Detect unauthorized access attempts |
| Quality assurance review | Correction frequency and patterns | Identify training and system improvements |
| Regulatory audit (MOH, ISO) | Evidence of compliance and traceability | Demonstrate adherence to requirements |
| Medicolegal case | Complete record of clinical actions and decisions | Provide evidence for legal proceedings |
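
The security incident review described above (failed logins, after-hours access, unusual access patterns), written as review logic over audit entries. This is an added example, not SystmOne code: the tuple layout (modelled on the five Ws plus patient identifier and result), the thresholds, the working hours and the sample entries are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, time

# Constructed sample entries: (who, what, when, where, patient, result).
# The layout is an assumption based on the fields the page lists.
SAMPLE = [
    ("u1001", "login", "2024-03-04T08:55:00", "login", None, "success"),
    ("u1001", "view", "2024-03-04T09:10:00", "consultation", "IC-0001", "success"),
    ("u2002", "login", "2024-03-04T22:01:00", "login", None, "failure"),
    ("u2002", "login", "2024-03-04T22:01:20", "login", None, "failure"),
    ("u2002", "login", "2024-03-04T22:01:45", "login", None, "failure"),
    ("u2002", "login", "2024-03-04T22:02:30", "login", None, "success"),
    ("u2002", "view", "2024-03-04T22:05:00", "consultation", "IC-0002", "success"),
    ("u2002", "view", "2024-03-04T22:06:00", "consultation", "IC-0003", "success"),
    ("u2002", "view", "2024-03-04T22:07:00", "consultation", "IC-0004", "success"),
]

WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed clinic hours
MAX_FAILED_LOGINS = 3    # assumed threshold, per user per day
MAX_PATIENTS_VIEWED = 2  # assumed threshold, kept low for the sample

def review(entries):
    """Return sorted (rule, user, detail) findings for a security review."""
    failed = Counter()               # failed logins per (user, day)
    after_hours = defaultdict(set)   # patients viewed outside working hours
    viewed = defaultdict(set)        # all patients viewed per (user, day)
    for who, what, when, _where, patient, result in entries:
        ts = datetime.fromisoformat(when)
        day = (who, ts.date().isoformat())
        if what == "login" and result == "failure":
            failed[day] += 1
        elif what == "view" and patient:
            viewed[day].add(patient)
            if not WORK_START <= ts.time() < WORK_END:
                after_hours[day].add(patient)
    findings = []
    for (user, date), n in failed.items():
        if n >= MAX_FAILED_LOGINS:
            findings.append(("failed_logins", user, f"{n} on {date}"))
    for (user, date), pts in after_hours.items():
        findings.append(("after_hours_access", user, f"{len(pts)} patients on {date}"))
    for (user, date), pts in viewed.items():
        if len(pts) > MAX_PATIENTS_VIEWED:
            findings.append(("many_patients_viewed", user, f"{len(pts)} on {date}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Each finding is a starting point for a reviewer, who then checks it against rosters and on-call duty before treating it as unauthorized access.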

The audit trail supports:

  • ISO 27001 9.4.5 / 12.4: Control 9.4.5 requires logging and monitoring [2]
  • ISO 9001: requires traceability and accountability
  • MOH medical record standards: require documentation of changes to patient records
  • Personal Data Protection Act (PDPA) [3]: requires auditing of personal data access and changes
  • Malaysian Medical Council guidelines [4]: professional standards for record keeping
  • ISO 27789: dedicated EHR audit trail standard [1]
  • DKICT-V5: KKM ICT security policy for audit log access control

Key Takeaway
How to think about the audit trail
  • Every action in SystmOne is permanently recorded and cannot be altered or deleted
  • The audit trail captures who did what, when, where, and (for corrections) why
  • Error corrections add to the audit story — they never erase the original action
  • Review happens during complaints, errors, security incidents, quality reviews, regulatory audits, and medicolegal cases
  • Full audit reports are role-based and restricted to authorized reviewers

Contributor

Dr Fuad Jaafar

Facilitator, CCMS • KK Bandar Maharani