The Health Insurance Portability and Accountability (HIPAA) regulation impacts healthcare organizations that exchange patient information electronically. HIPAA regulations were established to protect the integrity of health information. The HIPAA compliance audit secures health information against unauthorized use or disclosure of the information. As part of the requirements, HIPAA states that a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”. According to the HIPAA compliance audit, an organization must be able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive patient information.
Pre-defined HIPAA Audit-ready Reports:
- User Logon report - HIPAA requirements (164.308 (a) (5) - log-in/log-out monitoring) state that user accesses to the system be recorded and monitored for possible abuse.
- User Logoff report - HIPAA requirements clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.
- Logon Failure report - The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.
- Audit Logs access report - HIPAA requirements (164.308 (a) (3) - review and audit access logs) calls for procedures to regularly review records of information system activity such as audit logs.
