HIPPA: user access report
HIPPA requires that we document when patient data is read as well as change logging. Please add compliance reporting to capture all data reads within the application. Thanks!
Anonymous
shared this idea
Do you have any documentation or web links that explain the requirements you’re asking about?
-
Jessica Maggio
commented
Also a more detailed log of when someone has logged in. It would be nice to be able to see how and how any times people have logged in over a specific time frame.
-
Shreyansh
commented
Hi Trevor,
If you need more information about each and every aspect of HIPAA, then Visit
https://blog.rsisecurity.com/what-are-the-top-5-components-of-the-hipaa-privacy-rule/ -
Anonymous
commented
We would need to know what patient, forms, were accessed so that we can audit those requests as needed. Thanks!
-
Anonymous
commented
I am not a compliance specialist; however, I have been informed by my compliance team that HIPAA requires that any application log all access to patient ePHI, not just modifications to that data. Since we moved to OMSVision, we've already encountered scenarios where read access has been questioned. What I'm looking for is a log of all form/content access for every user in the app.
This excerpt was taken from this site: https://www.hipaajournal.com/hipaa-compliance-checklist/
You all probably have a HIPAA compliance rep who can confirm.Technical Safeguards: Introduce activity logs and audit controls: Required - The audit controls required under the technical safeguards are there to register attempted access to ePHI and record what is done with that data once it has been accessed.
From what I can tell, we need audit logging of what users view not just what they change.