Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do you know how to view your audit logs?

Sharing is caring!

0 shares
  • Share
  • Tweet
  • LinkedIn
  • Email

Rebecca Herold, The Privacy Professor,  has predicted 11 privacy and security trends to watch – and prevent – in 2018.

I think that #5, Increased incidents of insiders selling patient data is likely a trend that we can prevent with regular monitoring of our audit logs of both our computer networks and our EMR's and other software and apps.

Rebecca predicts that “more insiders will take advantage of their access to valuable data because they know there are few logs of their access to catch them, or they see no one is reviewing the logs that do exist. All organizations need to establish access monitoring policies and procedures, and consistently enforce noncompliance.”

[clickToTweet tweet=”Do you know how to view your computer network and EMR software audit logs?” quote=”Do you know how to view your computer network and EMR software audit logs?”]

Audit logs can help you to monitor the activity of authorized and unauthorized users in your computer network and electronic medical record (EMR) and other software applications. Start by reviewing the audit logs ‘by exception'.

For example, if your clinic is open from 9-5, start by reviewing the audit log for user activity when the clinic is closed. Are there any users who consistently forget to log off? Or, are there authorized users who are accessing the network remotely. Is this an acceptable use for these users?

 If you don't know how to view your audit logs, schedule a 15 minute meeting with your computer network and EMR help-desk. It is usually easy to do – once you have the correct permissions settings set up.

When was the last time that you viewed your audit logs?

You should review the audit logs regularly and keep a journal or checklist of your regular security actions to document your good practices. When you spot potential problems, record the corrective actions that you take to follow-up.

When you have a managed computer network service provider, monitoring computer network traffic  may be included in your service package. Remember, you can delegate but you can't abdicate. Your computer network service provider may be able to identify intrusion attempts but you need to review the audit logs regularly to determine if authorized users are using their permissions to properly follow the privacy principles – the least amount of information, on a need to know basis.

 

Rebecca Herold is President of SIMBUS LLC, a cloud-based privacy and security firm and also CEO of The Privacy Professor, See Rebecca's article here: https://www.healthcareinfosecurity.com/blogs/health-data-privacy-security-what-will-2018-bring-p-2578 

audit logs, EMR, health care, healthcare

What is the elephant in the room?

The Elephant in the Room Find out here...

 

Privacy Policy

 

I have used Corridor's Privacy Awareness in Healthcare: Essentials online training program. The course has helped satisfy the training requirements of the Health Information Act. Staff go through the course at their own pace while we monitor to ensure completion.

- Luke Brimmage, Executive Director, Aspen Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2023 Information Managers Ltd.

0 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}