Health Information Compliance Alert

Reader Questions:

Do We Account For Audit Logs?

Published on Sat Mar 10, 2007

PDF

Question: We have begun auditing our computer systems. Through an exam of the audit logs, we discovered that some patient files were inappropriately accessed. Do those logs need to be included in our patients' accounting of disclosures?

Washington Subscriber

Answer: "No," says John Parmigiani, senior VP for Consulting Services at QuickCompliance in Avon, CT. However, the log should facilitate your HIPAA security rule-mandated incident reporting system, he says. "If you determine nothing's been exposed, you're under no reporting requirements."

Remember: If there has been exposure, the breach must be handled in accordance with your facility's defined policies and procedures for incidents.

The bottom line: "Auditing flows into the incident response," Parmigiani explains. When a potential breach is discovered, the incident response team then investigates it and makes the necessary contacts.

Any breaches must be reported, experts agree. The key function of the reporting requirement is to make sure people whose information has been or may have been compromised have the ability to react.

Health Information Compliance Alert

Privacy:
Don't Let HIPAA Breaches Trip Up Your Facility
HHS security guidance targets electronic PHI. HIPAA is on CMS' radar screen right now, so [...]

You Be The Security Expert:
Can Insurance Companies Disclose PHI?
Read the question below and decide how you would handle it before you compare it [...]

Security:
Don't Duplicate HIPAA Violations: Secure Your Digital Copiers Now
Avoid major security risks with these tips. If you're using a digital office copier in [...]

HIPAA Quiz:
Permitted Disclosure Or Privacy Violation -- What's The Difference?
HIPAA Quiz: Permitted Disclosure Or Privacy Violation -- What's The Difference? 5 scenarios help you [...]

Security Compliance:
Identity & Authenticity: A Dynamic Duo You Need To Meet
Use these tools to ensure your security rule compliance. The HIPAA security rule not only [...]

Security:
Are Your Faxes Accidents Waiting To Happen?
Send the right messages with these simple tips. Faxing: You do it every day -- [...]

Reader Questions:
Do We Account For Audit Logs?
Question: We have begun auditing our computer systems. Through an exam of the audit logs, [...]

Reader Questions:
Who Signs Whose BAA?
Question: We have decided to use a clearinghouse for our transactions. The company we've chosen [...]

Security News:
Identity Theft Task Force Implements Protections
Learn what the government is doing to keep your private information safe. A special task [...]

View All