Health(care) records form persistent evidence of health status and the provision and completeness of
health(care) services, being retained in electronic and/or other media. Health(care) records often contain
Protected Health Information (PHI), typically defined as "individually-identifiable health information", and thus
incur safeguards exceeding the ordinary.
The prime unit of health(care) record-keeping is the Entity/Act Record, the authenticatable unit of the health
record, evidencing (documenting) the performance/completion of an Act by an Entity and preserving the
Accountability Context of the Entity for the Act. (Note that the Entity/Act is central to Health Level Seven's
Version 3 Reference Information Model.)
Trusted stewardship, retention and interchange of Entity/Act Records/PHI requires vital safeguards such as
traceability and audit. This Technical Report offers an information flow methodology for units of the
health(care) record/PHI, particularly the Entity/Act Record, and specifies critical Trace Points (audit events)
in that flow including: record/PHI origination, authentication, amendment, translation, access/use,
transmittal/disclosure, receipt, de-identification/re-identification, archival, etc.
This Technical Report offers an informative guide to trusted end-to-end information flow for health(care)
records and to the key Trace Points and audit events in the electronic Entity/Act Record lifecycle (from point
of record origination to each ultimate point of record access/use). It also offers recommendations regarding
the trace/audit detail relevant to each.
This Technical Report offers recommendations of best practice for healthcare providers, health record
stewards, software developers and vendors, end users and other stakeholders, including patients.