1 min read

Using audit controls to protect patient data

Evan Fitzgerald January 18, 2017

HIPAA compliance
Businessman examining digital analytics and data visualizations with magnifying glass

As modern healthcare entities make the move to electronic records and communicate electronically via email, it has become more important than ever to have proper audit trails in place. Audit trails maintain a system of record for all application processes and system activity by individual users. Having audit trails in place allows covered entities to review inappropriate access, detect potential breaches and malicious activity, and provide evidence during investigations.

 

Person examining digital analytics and audit data on interactive display

The HIPAA security rule provision on audit controls requires that covered entities and business associate implement systems that maintain record of all access to PHI (protected health information). Having these systems in place allows for covered entities and business associates to monitor all user application activity involving the creation, editing and deletion of PHI.

 

Covered Entities and Business Associates should review their audit logs on a regular basis to keep up to date on access to PHI as well as performance issues within system applications.

The HIPAA security rule doesn’t indicate what specific information should be collected from an audit trail or at what frequency they should be monitored. Covered Entities and Business Associates need to evaluate the risk and exposure involved with regards to how their PHI is accessed within their applications and implement proper applications as necessary. Some factors to consider when selecting information systems include:
  • What levels of security are in place and who has access to view PHI?
  • How much traffic are these applications expected to experience on a daily basis?
  • Does the application create friction and limit the staff’s ability to serve the patients best interest?

 

Try Paubox Email Suite for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Red first aid kit-shaped USB drive

What is ePHI?

Chloe Bowen : June 25, 2020

If you work in the medical field, you might have heard of the terms "protected health information" or "electronic protected health information" and...

HIPAA compliance
Read More
Doctor holding a question mark sign

Is a name PHI?

Chloe Bowen : June 10, 2020

As we've previously covered, protected health information (PHI) according to HIPAA regulations is any identifiable health information that a covered...

HIPAA compliance
Read More
docusign logo

Is DocuSign HIPAA compliant? (2025 update)

Picture of Tshedimoso Makhene Tshedimoso Makhene : July 7, 2025

DocuSign is a digital platform that allows users to electronically sign, send, and manage documents securely online.

HIPAA compliance
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.