2 posts tagged with "Audit Log"

PHI Access Consent Acknowledgement

· 4 min read

Overview

This release introduces the PHI Access Consent Acknowledgement experience in OmegaAI, designed to strengthen privacy, compliance, and auditability across the platform. All non-federated users — including local users and social Identity Provider (IDP) users — are now required to explicitly acknowledge a mandatory compliance disclaimer before accessing any Protected Health Information (PHI) within OmegaAI.

How to Acknowledge the Disclaimer

The disclaimer is presented automatically at login. The walkthrough below shows how to review and acknowledge it — scroll to the bottom to read it in full, check the confirmation box, then click Agree to continue into OmegaAI.

What’s New

1. Mandatory PHI Access Disclaimer on Login

What changed:

Upon login, all non-federated users (local and social IDP users) will now be presented with a full-screen Protected Health Information (PHI) Access and Use Disclaimer. The disclaimer must be acknowledged before any PHI or application functionality becomes accessible.

Benefit:

Ensures that every user explicitly confirms their authorization and legal basis to access PHI, supporting HIPAA and HITECH compliance obligations while reducing the risk of unauthorized PHI exposure.

What changed:

When a user selects Agree, their consent is securely captured via an API call and stored in the backend (EXT.JSON structure). Each consent event is logged with the user action (Agree/Disagree), timestamp, geographic location, and time zone.

Benefit:

Provides a complete, tamper-evident audit trail for both acceptance and rejection events, supporting regulatory audits and internal compliance investigations.

3. Access Control Enforcement

What changed:

PHI access and all application functionalities are fully blocked until the user provides a recorded response to the disclaimer. The disclaimer cannot be dismissed, bypassed, or closed without consequence. If the window is closed without a response, the disclaimer will reappear on the next login.

Benefit:

Guarantees that no user can access PHI without explicit prior consent, eliminating any possibility of accidental or unauthorized access at the point of authentication.

4. Disagree Flow – Immediate Logout and PHI Block

What changed:

If a user selects Disagree, they are immediately logged out and redirected to the login screen. No consent data is written, and PHI access remains blocked.

Benefit:

Preserves the integrity of the consent process and ensures that users who do not agree to the disclaimer are prevented from interacting with any PHI-sensitive workflows.

5. Multi-Language Support

What changed:

The PHI Access and Use Disclaimer is available across all supported OmegaAI language translations.

Benefit:

Ensures that all users, regardless of their preferred language, can clearly understand the compliance requirements before accessing PHI.

Important Notes

  • Applies to all non-federated users only (local users and social IDP users). Federated users authenticated via external enterprise identity providers are not affected.
  • PHI access and all application functionalities are fully blocked until consent is recorded — there is no workaround.
  • The disclaimer cannot be bypassed, dismissed, or skipped. Closing the window without responding will cause it to reappear on the next login.
  • Once a user accepts the disclaimer, it will not appear again for that user.
  • A full audit trail is captured for both acceptance and rejection events, including timestamp, user location, and time zone.
  • The disclaimer is compliant with HIPAA, HITECH, and applicable state or regional privacy laws and is available in all supported OmegaAI language translations.

Where to Find It

The PHI Access and Use Disclaimer is automatically presented during the login flow. No manual navigation is required.

Login Page: PHI Access and Use Disclaimer (auto-triggered post-authentication)

Updated Help Articles

Login Process and MFA | OmegaAI User Guide

Product Update: Study Locking Feature

· 4 min read

Overview

OmegaAI introduces a Study Locking mechanism designed to protect finalized studies from accidental or unauthorized modifications. When a study reaches a specific configurable status, the system automatically locks it and makes it read-only across key modules, while still allowing controlled overrides for authorized users when necessary.

What's New

1. Configurable Study Locking Trigger

What changed

Study locking is triggered when a study status reaches the configured threshold defined in the workflow step mapping "Prevent Modification ≥ PRIOR." Once met, the study becomes locked and read-only. The mapping between study status and the Prevent Modification workflow step is fully configurable per organization.

Benefit

Organizations can define exactly at which status level a study becomes protected, providing flexibility to align locking behaviour with their specific clinical and operational workflows.

2. Read-only behaviour across Worklist and Study Pages

What changed

When a study is locked, all editable components on the Worklist page and all study fields on the Study page become read-only. For users without special permissions, edit buttons are hidden and replaced with a lock icon. Hovering over the icon displays a tooltip indicating the study is locked and cannot be modified.

Benefit

Prevents accidental edits to finalized studies and provides clear visual feedback to users about the locked state, reducing confusion and errors.

3. Modify Locked Study — new UAC privilege

What changed

A new User Access Control (UAC) privilege, "Modify Locked Study," has been introduced. Users assigned this privilege (e.g. QA personnel, lead technologists) can see the Edit button on locked studies. When saving changes, a confirmation dialog is displayed requiring explicit confirmation before changes are applied.

Benefit

Enables controlled overrides for authorized users without compromising the integrity protections applied to all other users, supporting both compliance and operational flexibility.

4. Image ingestion supported for Locked Studies

What changed

OmegaAI can continue to receive and ingest new DICOM images into locked studies through all ingestion paths, including standard image routing workflows. Image and series counts are automatically updated upon ingestion. However, protected metadata — including patient information, study descriptions, and order details — remains unchanged.

Benefit

Ensures critical imaging operations are not blocked by locking, while still safeguarding finalized study metadata from being overwritten or altered unintentionally.

5. Audit logging for locking activity

What changed

OmegaAI now logs all activities related to study locking, including configuration changes, successful image ingestion into locked studies, privileged user overrides, and blocked modification attempts by unauthorized users.

Benefit

Provides a complete audit trail for compliance, traceability, and regulatory requirements, ensuring full operational transparency around finalized imaging studies.

Important Notes

  • Locked studies are read-only for all users without the "Modify Locked Study" UAC privilege — edit buttons are hidden on the study information page.
  • The locking threshold is configurable per organization via the workflow step mapping; changes to this configuration are audit-logged.
  • Image ingestion into locked studies is permitted, but protected metadata fields cannot be overwritten during ingestion.
  • Users with the "Modify Locked Study" privilege must explicitly confirm the intent to modify via the system confirmation dialog before changes are saved.
  • Study locking applies across the Worklist and Study pages; ensure all relevant user roles are reviewed and updated with appropriate UAC privileges post-release.
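
The locking rules above (status threshold, privileged override with confirmation, ingestion that leaves protected metadata alone, and an audit entry for each case) can be modelled as a small decision function. This is an added example, not OmegaAI code: the status ladder, metadata field names, audit event names and class names are hypothetical, and only the PRIOR threshold and the "Modify Locked Study" privilege name come from the notes.

```python
from dataclasses import dataclass, field

# Constructed status ladder; only the PRIOR threshold name appears on the page.
STATUS_ORDER = ["SCHEDULED", "IN_PROGRESS", "READ", "PRIOR"]
# Hypothetical field names for the protected metadata the page lists.
PROTECTED_FIELDS = {"patient_name", "study_description", "order_details"}
MODIFY_LOCKED = "Modify Locked Study"  # UAC privilege named on the page

@dataclass
class Study:
    status: str
    metadata: dict
    image_count: int = 0
    series_count: int = 0

@dataclass
class LockPolicy:
    threshold: str = "PRIOR"  # configurable per organization
    audit: list = field(default_factory=list)

    def is_locked(self, study):
        return STATUS_ORDER.index(study.status) >= STATUS_ORDER.index(self.threshold)

    def set_threshold(self, admin, new):
        STATUS_ORDER.index(new)  # raises ValueError for an unknown status
        self.audit.append(("config_change", admin, self.threshold, new))
        self.threshold = new

    def modify(self, user, privileges, study, changes, confirmed=False):
        # Enforced on the request itself, not only by hiding the Edit button.
        if self.is_locked(study):
            if MODIFY_LOCKED not in privileges:
                self.audit.append(("blocked_modification", user, sorted(changes)))
                return "blocked"
            if not confirmed:
                return "confirmation_required"  # nothing saved yet
            self.audit.append(("privileged_override", user, sorted(changes)))
        study.metadata.update(changes)
        return "saved"

    def ingest(self, source, study, images, series, incoming):
        locked = self.is_locked(study)
        # Locked study: protected fields in the incoming data are not applied.
        study.metadata.update({k: v for k, v in incoming.items()
                               if not (locked and k in PROTECTED_FIELDS)})
        study.image_count += images
        study.series_count += series
        if locked:
            self.audit.append(("ingest_locked_study", source, images, series))
```

When reviewing role assignments after the release, the audit list is the place to look: each blocked attempt, override and ingestion into a locked study leaves one entry.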

Where to Find It

Locking configuration: Admin → Workflow Settings → Study Status Mapping → Prevent Modification

UAC privilege assignment: Admin → User Access Control → Roles → Modify Locked Study

Lock icon and read-only behaviour: Worklist → Study Row | Study → Study Details Page

Audit logs: Admin → Audit Logs → Study Locking Activity

Updated Help Articles

Study Locking | OmegaAI User Guide