(ii) Implementation specifications:
(D) Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
The Information System Activity Review implementation specification requires covered entities and business associates to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. The period for which activity logs are maintained and the extent, frequency, and nature of reviews are determined by the covered entity’s security environment and overall security management process.
- NIST SP 800-55 Security Metrics Guide for Information Technology Systems
- NIST SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
- NIST SP 800-12 chapter 5 An Introduction to Computer Security: The NIST Handbook