Using audit controls to protect patient data

Featured image

Share this article

As modern healthcare entities make the move to electronic records and communicate electronically via email, it has become more important than ever to have proper audit trails in place.

Audit trails maintain a system of record for all application processes and system activity by individual users.

Having audit trails in place allows covered entities to review inappropriate access, detect potential breaches and malicious activity, and provide evidence during investigations.

Using audit controls to protect patient data

The HIPAA security rule provision on audit controls requires that covered entities and business associate implement systems that maintain record of all access to PHI (protected health information).

Having these systems in place allows for covered entities and business associates to monitor all user application activity involving the creation, editing and deletion of PHI.

Covered Entities and Business Associates should review their audit logs on a regular basis to keep up to date on access to PHI as well as performance issues within system applications.

The HIPAA security rule doesn’t indicate what specific information should be collected from an audit trail or at what frequency they should be monitored.

Covered Entities and Business Associates need to evaluate the risk and exposure involved with regards to how their PHI is accessed within their applications and implement proper applications as necessary.

Some factors to consider when selecting information systems include:

  • What levels of security are in place and who has access to view PHI?
  • How much traffic are these applications expected to experience on a daily basis?
  • Does the application create friction and limit the staff’s ability to serve the patients best interest?
Try Paubox Email Suite for FREE today.
Author Photo

About the author

Evan Fitzgerald

Read more by Evan Fitzgerald

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022