An Evaluation of EHR System Audit Functions in a Saudi Arabian Hospital
For both medical and legal reasons, hospitals adopting electronic health record (EHR) systems need to have comprehensive audit functions to ensure the integrity, security, and accuracy of data held in the records. Given the increasing use of EHR systems in Saudi hospitals, this paper aims to evaluate the key audit capabilities/functions and establish the level of compliance of the EHR system installed at King Abdul-Aziz Medical City (KAMC) hospital in Riyadh. A survey team conducted the evaluation of 17 different audit functions using an audit vignette in a test domain. The results of the evaluation showed that the category “event/transaction audit accessibility and display quality” (one function) had 100% compliance, “audit accuracy and comprehensiveness” (five functions) had 80% compliance, “system function and audit accuracy and comprehensiveness” (two functions) had 50% compliance, and “observation, comparison of narrative and audit” (nine functions) had 67% compliance. Overall, 12 out of the 17 functions (71%) fulfilled compliance and five functions received a score of zero (function not in evidence or not user accessible). The overall compliance level of 71% shows that the EHR audit functionalities are in general well established and fulfill the basic demands of the audit. The system’s five non-complying items were found to be specific use requirements due to the delay in the implementation of phase II of the EHR system. The evaluation should be repeated when the EHR system is fully implemented in order to evaluate whether the level of compliance has increased. Similar evaluations of EHR system audit capabilities should be made in other hospitals in Saudi Arabia.
Electronic health record system; audit functions; compliance; Saudi Arabia; hospitals