The Audit Trail and Node Authentication (ATNA) Integration Profile is part if the IHE IT Infrastructure technical framework.
This profile establishes the characteristics of a Basic Secure Node:
- It describes the security environment (user identification, authentication, authorization, access control, etc.) assumed for the node so that security reviewers may decide whether this matches their environments.
- It defines basic auditing requirements for the node.
- It defines basic security requirements for the communications of the node using TLS or equivalent functionality.
- It establishes the characteristics of the communication of audit messages between the Basic Secure Nodes and Audit Repository nodes that collect audit information.
- It defines a Secure Application actor for describing product configurations that are not able to meet all of the requirements of a Secure Node.
Note: ATNA security considerations require the use of Secure Nodes. The Secure Application is defined to permit product configurations to indicate that the product is ready for easy integration into a Secure Node environment because it performs all of the security related functions that are directly related to the application function.
This profile has been designed so that specific domain frameworks may extend it through an option defined in the domain specific technical framework. Extensions are used to define additional audit event reporting requirements, especially actor specific requirements. The Radiology Audit Trail option in the Radiology Technical Framework is an example of such an extension.
Source: IHE IT Infrastructure Technical Framework rev 5.1