Audit Controls (164.312 (b)) and Compliance

Audit Controls is a HIPAA Security Rule Standard defined in the Technical Safeguards section of the legislation. The objective of this requirement is for organizations to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information (EPHI). This Standard does not include any implementation specifications. 

To address this HIPAA Security Rule requirement, organizations need to:

1. Determine the activities that will be tracked or audited. Consider not just systems and applications, but also to audit at the record level so you can determine if any unauthorized modifications may have been made to EPHI.
2. Identify the tools that will be deployed for auditing. Time is precious and most IT departments in healthcare organizations just do not have the time to review audit reports. Consider two things: one automation of key audit capabilities and the second, centralization and consolidation of audit information. Several vendors have tools that can help you to establish an audit architecture that streamlines information and generates an audit report that is tailored to your environment and priorities.

FREE: For more information or to get a complimentary HIPAA Security Rule Quick Reference Card, please contact Lorna.Waggoner@ecfirst.com or call her at 1.515.453.8247 x17.