Bulletproof Office Helping You to Better Enable Your IT

By: Steve | December 09, 2014

The HIPAA Security Rule imposes a number of requirements that the HHS Office For Civil Rights (OCR) has begun auditing for compliance, including four requirements related to information system and ePHI activity, as outlined below:


HIPAA §164.308(a)(1)(ii)(D) requires healthcare providers to implement procedures to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports.

ePHI Data Breach Statistics

HIPAA §164.312(B) requires healthcare providers to implement hardware, software,and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information(ePHI). 


HIPAA §164.308(a)(5)(ii)(C) require...