Security Management Process: Information System Activity Review - What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the fourth implementation specification for the Administrative Safeguard Standard (Security Management Process). This implementation specification is required.

What to Do

Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

How to Do It

The size of the covered entity and the complexity of its business operation will be key considerations in the risk analysis and in fulfilling the requirements of this implementation specification. First, regularly review information system activity for inappropriate use or security incidents, such as unauthorized disclosure. Many computer systems now have built-in reporting functionality…
