Compliance audit concept

Audit Trail Requirements

Filed Under: , EMR Regulations, Tables
January 26, 2022 by dev_team
HIPAA Security Rule Description
45 CFR 160, 162, 164 These rules created standards to address how health information may be used and protected
45 CFR 164.308(a)(1)(ii)(C) 45 CFR 164.312(b) Requires regular monitoring of system activity, including audit logs and access reports, by IT personnel or compliance officers on at least a quarterly basis.
45 C.F.R. 164.312 Since an audit trail is created by automated monitoring software that contemporaneously records the manipulation of a patient’s EMR as it occurs, information is recorded every time a user views, edits, prints, deletes, downloads, exports, or otherwise manipulates any part of a patient’s EMR. Federal and state law require these audit controls.
45 CFR 164.312(b) Requires every covered entity or business associate to use standard “audit controls” through implementation of “hardware, software, and/or procedural mechanisms to record and examine system activity in information systems that contain or use electronic protected health information.”
45 CFR 164.312(c)(1) & (2) Requires entities to “implement policies and procedures to protect electronic protected health information from improper alteration or destruction” and implement “mechanisms to authenticate electronic protected health information… to corroborate that electronic health information has not been altered or destroyed in an unauthorized manner.”
45 CFR 164.312(d) Requires entities to implement procedures to authenticate the person or entity seeking record access
45 C.F.R. 164.316 Requires entities to document the policies and procedures for the required specifications.
45 C.F.R. 170 The subchapter of Health Information Technology’s Part named Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology was adopted to assist in understanding the standards

Contact Us


Schedule a Free Initial Case Consultation

Debating a case theory or stuck on a critical decision point? Our extensive understanding and technical knowledge of electronic medical record systems will help you unravel the complex nature of digital health data and increase the speed and efficiency at which you build a strong case.

Schedule a free consultation with one of our experts today!