Anyone on here using tools to monitor access to SAS files with PHI in them so you can track who has accessed what PHI? Or even just who accessed the file at all?

Our IT folks are doing a log aggregation project where they are trying to pull together records of who accessed PHI when. I can't think of an easy way to track file access. Below is what tech support sent me, plus some other stuff about how certain data management things will actually break the audit trail.

Since it doesn't log read-only access and the trail can be broken pretty easily, not really what we need.

[pre]There is an Audit Trail feature for SAS data sets
but I am not sure this is going to provide you with the
type of data set access information you are looking
for. The SAS Audit Trail cannot track information on
data sets that are opened for read-only access. The
Audit Trail is only for data sets that have been
modified and with the Audit Trail you have to use
certain methods in the DATA step or certain procedures
to preserve the audit trail and prevent it from being
deleted.
The Audit Trail feature in SAS builds a SAS data set which is maintained by
SAS. Audit trail data sets contain information about modifications to a SAS data
set. Each time an observation, is added, deleted, or updated, information is
written to the audit trail data set about who made the modification, what was
modified, and when the modification took place.[/pre]

Anyone have any thoughts?

Running Base + a few other packages, but no BI tools.... Message was edited by: JenHarper