| Title: |
| Category: HIPAA Compliance |
Authority: 45 CFR §
HIPAA Section: 164.308 (1) (i) (D) |
| Standard: Security Management Process |
Responsibility: Health Care Components |
| Effective Date: 04/20/2005 |
Page 1 of 1 |
| Approved by: OSU Legal Counsel |
Revised: |
Purpose
|
System Activity Tracking |
Policy
|
OSU will review records of information system activity on a periodic basis. Additional reviews will be done as needed where incidents are reported or suspected. The following areas will be reviewed.
- Electronic Medical Records Software
- Practice Management / Financial Software
- Windows / Network Access / Application Access Programs
- Medical Manager
- Xyloc Access Control
Reference
|
| UHS Procedure |
- The UHS security officer shall be responsible for the review of system activity, such as logins, file access, access, level modifications and security incidents. OSU IT security staff are available to offer assistance as needed.
- The audit standards shall be reviewed periodically and modified if indicated.
- UHS Administration shall implement processes to monitor and log access to the UHS business office system.
- UHS shall have in place policies and procedures regarding audit procedures necessary for review of security breaches.
- UHS shall have in place, consistent with OSU personnel policies and procedures, defined security infractions and the associated penalties or disciplinary actions associated with such infractions.
- All staff with access to ePHI shall be made aware of the audit standards.
|
| SWC Procedure |
- The Security Officer/designee shall be responsible for review of system activity, such as logins, file access, access level modification and security incidents. OSU IT will be available to offer assistance as needed.
- SWC shall have in place, consistent with OSU personnel policies and procedure, defined security infraction and the associated penalties or disciplinary actions associated with such infractions.
- SWC shall have in place policies and procedures regarding audit procedures necessary for review of security breaches.
- All staff associated with ePHI shall be made aware of the audit standards.
|
|
