SMTP Event Notification Email and PHI

Understand that audit settings can be configured to avoid exposing protected health information (PHI) when using email for audit event notifications.

Vocera uses SMTP technology as an alerting tool. When an audit event marked for this type of alert is executed, an email is sent to the personnel who are able to perform corrective actions on the system. To avoid exposing any protected health information (PHI), the audit content is not included in the email but is available via a link; the email recipient can follow the link in the SMTP alert to view the audit event details.

A specified event code triggers the notification email, which is sent to the configured recipient as an HTML document. The email contains the event code, the component which sent the audit event, the statement, and a link to the specific audit event. In addition, the email contains information specific to the Vocera Platform, including the domain name, IP address, and so forth.

To set up email notifications, first configure the SMTP Mail Server settings in the Destinations section that will handle the outgoing email notifications from Audit. See Configuring SMTP Settings for details.

Then, in the Notifications section, select the event codes that will trigger an email notification, and the SMTP destination. See Working with Notifications Settings for details.

Once configured, the email notifications that are triggered will contain an Audit Event link in the Event Address field as shown below. The email recipient can click the link to access the event details, which potentially contain PHI.