White Papers for Health Insurance Portability and Accountability Act (HIPAA)

HIPAA and Audit Logs

LogLogic

The 1996 federal Health Insurance Portability and Accountability Act (HIPAA) calls for Administrative Simplification in the health care industry through standardization of certain electronic transactions. A handful of transactions such as health plan enrollment, patient referrals, and claims for health care services routinely flow between employers, providers, and payers. Increasingly, those transactions – all of which carry identifiable plan member or patient data are in electronic form. In mandating HIPAA’s security rule, Congress recognized that while standardizing these inter-organizational transactions will bring efficiency and cost savings, greater use of these electronic transactions also increases risk to patient confidentiality, data integrity, and information availability. HIPAA’s security and privacy rules call for a comprehensive information security program to ensure the confidentiality, integrity, and availability of Protected Health Information (PHI) that organizations acquire, use, access, or store.
According to widely respected sources, an information security program must include the implementation and
review of audit logs as an access control mechanism. For example, the BS 7799 and ISO 17799 code of practice and security specifications include event logging or audit logs as an essential component of monitoring system access and use.

View the White Paper

Share or bookmarklet this web page at: