Audit trails allow a security officer in an institution to audit activities, to detect non-compliant behavior in the enterprise, and to facilitate detection of improper creation, access, modification and deletion of Protected Health Information (PHI).  This includes information exported to and imported from every secured node in the so-called "secured domain."  The audit trail contains information so that questions can be answered such as:

• From a user perspective, which patient's PHI was accessed
• From a patient PHI perspective: which users accessed it
• What user authentication failures were reported
• What node authentication failures were reported
• To limit access to all "secured nodes" in a "secured domain" (defined as a set of cross-connected secured nodes) to "authorized users."
• To provide a central Audit Record repository as the simplest means to implement security requirements.  An immediate transfer of Audit Records from all the IHE actors to the Audit Record Repository is required, reducing the opportunities for tampering and making it easier to audit the department.
• To allow tracking of the life of PHI information (creation, modification, deletion and location).