FacebookTwitterLinkedInEmailPrint
This entry is part 26 of 59 in the series Complete Guide to HIPAA Security Final Rule

(ii) Implementation specifications:

 (D) Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

 Tell Me More:

The Information System Activity Review implementation specification requires covered entities and business associates to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.  The period for which activity logs are maintained and the extent, frequency, and nature of reviews are determined by the covered entity’s security environment and overall security management process.

A complete set of HIPAA Security Policies and Procedures may be purchased here.

References:

Series Navigation<< 164.308(a)(1)(ii)(C) Standard: Security management process – Sanction Policy164.308(a)(4)(ii)(C) Standard: Information access management – Access establishment and modification >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.
 
FacebookTwitterLinkedInEmailPrint