Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Do you know how to view your audit logs?

Posted on December 28, 2017 by Jean Eaton in Blog

Rebecca Herold, The Privacy Professor,  has predicted 11 privacy and security trends to watch – and prevent – in 2018.

I think that #5, Increased incidents of insiders selling patient data is likely a trend that we can prevent with regular monitoring of our audit logs of both our computer networks and our EMR's and other software and apps.

Rebecca predicts that “more insiders will take advantage of their access to valuable data because they know there are few logs of their access to catch them, or they see no one is reviewing the logs that do exist. All organizations need to establish access monitoring policies and procedures, and consistently enforce noncompliance.”

[clickToTweet tweet=”Do you know how to view your computer network and EMR software audit logs?” quote=”Do you know how to view your computer network and EMR software audit logs?”]

Audit logs can help you to monitor the activity of authorized and unauthorized users in your computer network and electronic medical record (EMR) and other software applications. Start by reviewing the audit logs ‘by exception'.

For example, if your clinic is open from 9-5, start by reviewing the audit log for user activity when the clinic is closed. Are there any users who consistently forget to log off? Or, are there authorized users who are accessing the network remotely. Is this an acceptable use for these users?

 If you don't know how to view your audit logs, schedule a 15 minute meeting with your computer network and EMR help-desk. It is usually easy to do – once you have the correct permissions settings set up.

When was the last time that you viewed your audit logs?

You should review the audit logs regularly and keep a journal or checklist of your regular security actions to document your good practices. When you spot potential problems, record the corrective actions that you take to follow-up.

When you have a managed computer network service provider, monitoring computer network traffic  may be included in your service package. Remember, you can delegate but you can't abdicate. Your computer network service provider may be able to identify intrusion attempts but you need to review the audit logs regularly to determine if authorized users are using their permissions to properly follow the privacy principles – the least amount of information, on a need to know basis.

 

Rebecca Herold is President of SIMBUS LLC, a cloud-based privacy and security firm and also CEO of The Privacy Professor, See Rebecca's article here: https://www.healthcareinfosecurity.com/blogs/health-data-privacy-security-what-will-2018-bring-p-2578 

audit logs, EMR, health care, healthcare

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

I have used Corridor's Privacy Awareness in Healthcare: Essentials online training program. The course has helped satisfy the training requirements of the Health Information Act. Staff go through the course at their own pace while we monitor to ensure completion.

- Luke Brimmage, Executive Director, Aspen Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2020 Information Managers Ltd.