Using audit controls to protect patient data

As modern healthcare entities make the move to electronic records and communicate electronically via email, it has become more important than ever to have proper audit trails in place.

Audit trails maintain a system of record for all application processes and system activity by individual users.

Having audit trails in place allows covered entities to review inappropriate access, detect potential breaches and malicious activity, and provide evidence during investigations.

The HIPAA security rule provision on audit controls requires that covered entities and business associates implement systems that maintain a record of all access to PHI (protected health information).

Having these systems in place allows for covered entities and business associates to monitor all user application activity involving the creation, editing and deletion of PHI.

Covered Entities and Business Associates should review their audit logs on a regular basis to keep up to date on access to PHI as well as performance issues within system applications.

The HIPAA security rule doesn’t indicate what specific information should be collected from an audit trail or how frequently audit trails should be monitored.

Covered Entities and Business Associates need to evaluate the risk and exposure involved in how their PHI is accessed within their applications and implement appropriate applications as necessary.

Some factors to consider when selecting information systems include:

  • What levels of security are in place and who has access to view PHI?
  • How much traffic are these applications expected to experience on a daily basis?
  • Does the application create friction and limit the staff’s ability to serve the patients’ best interests?

About the author

Evan Fitzgerald
