August 30, 2012
One of the requirements of the HIPAA Security Rule is to monitor audit logs primarily to identify if data is leaking or being leaked for any reason. This could be by someone accessing the data or during file downloads, times of data access, etc. Routinely monitoring your data is only part of the scope of this requirement – you must also have a designated and documented plan.
You may have audits in place with your software, but that is only the start – those audits must be monitored on a regular basis. If you are ever audited you will be asked for your audit/monitoring log. Be sure to have yours handy and accessible. If you’ve heard me speak on this topic, you know I am an advocate for having a Core Measure #15 File so that you can put your hands on the data you need to demonstrate your compliance with the Security Rule.
Share and Enjoy: