Instructions Before completing this assignment, be sure you read what an AUDIT TRAIL is in your textbook. Since the HIPAA privacy rules was implemented,

Instructions

Before completing this assignment, be sure you read what an AUDIT TRAIL is in your textbook.

Since the HIPAA privacy rules was implemented, you have been drowning in your audit trails reviews. You have finally obtained permission from administration to develop and use triggers to help with the review. These triggers, although not eliminating the review of audit trails, can be used to identify potential unauthorized access much more quickly and easily than using a manual review. Now that you finally have approval, you have to develop the triggers to be used. Administration wants to review your proposed triggers before they are implemented. Identify 10 triggers that you will present to administration for approval. Please be specific.

HINT: You might have pages and pages of the audit trail report. You are trying to get the computer system to do some of the work for you. What would look like highly suspicious activity of someone trying to access information that they shouldn’t? What if someone tried to log in more than 10 times and was not able to (or was able to). This might look like someone trying to access the system that shouldn’t. This would be something you would want to investigate. This would be a good trigger for the system to automatically flag. So your trigger would be any log in attempts that were greater than 10 (or you might want it to be a lower threshold).

SUBMIT AS A WORD DOCUMENT

Adapted from: McCuen, C., Sayles, N. B., & Schnering, P. (2018). Case studies in health information management. Boston, MA: Cengage Learning.

AuditControls (45 CFR 164.312(b)) 

Section 3: Technical Safeguards | 127 Audit controls (no implementation specifications) require installation of hardware, in systems containing software, or manual mechanisms to examine and record activity in ePHI.Audit controls occur at the back end, after activity has occurred, rather than preventatively. One type of audit control is the audit trail, a feature that records user activity such as accessor access attempts in a computer system. Although retrospective, it can provide valuable metadata (data about data) including who accessed (or attempted to access) the system, which part or parts of the system were affected, when the access occurred, what operations occurred (such as create, view, print, edit), and when data were sent and received.This metadata can be used for investigations (andpotential disciplinary actions), breachnotification, and other mitigation efforts (Rinehart-Thompson 2011). The Security hree does not mandatewhat informationmust be collected in an audit report or how equently audit reports must be generated and reviewed. Intrusion detection systems alyzenetwork traffic,sendingan alarm if they detect potentially inappropriate attempts to acessthe network or a particular account. This systemcannot operate independently. butrequires humans to monitor alarms and determinewhether or not they are valid. An organization’s characteristics, as well as findings from a risk analysis, should determine what the reasonable and appropriate audit controls Although the audit are (HHS 2007c). control’s standard addresses the examination and recording of activity that is occurring or has occurred in systems containing ePHI, there are other mechanisms that can preventatively identify abnormal conditions in an electronic system. Intrusion prevention systems identify inappropriate traffic, blocking passage in much the same way as a firewall, which provides a security barrier between an internal trusted network and outside electronic traffic. Like the intrusion detection system, this system also requires humans to monitor alarms and determine whether or not they are valid (Rinehart-Thompson 2011). Systems can also be set up to respond preventatively to an established threshold ofinvalid log-on attempts (use of an incorrect user name or password) to a particular account. After the established number of attempts is reached, additional attempts are prohibited of through time that an account has been lockout. programmed The account lockout may continue for a specified period manually unlocks it into the system or until the network administrator

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Related Questions

You are Director of Information Security at Quality Hospital. You have noticed that many employees are not following the organization’s policy and

You are Director of Information Security at Quality Hospital. You have noticed that many employees are not following the organization’s policy and procedure regarding mobile devices. Write a memo to employees outlining the security guidelines for using the hospital’s laptops offsite. What these policy and procedures consist of should be based on

Using the Internet, search for a professional article (not Wikipedia or an online dictionary)  3-4 pages on the topic below. TOPIC :  Epidemiology of a

Using the Internet, search for a professional article (not Wikipedia or an online dictionary)  3-4 pages on the topic below. TOPIC :  Epidemiology of a selected disease Is it endemic, epidemic, pandemic? Diagnosis and treatment Applying pathophysiology Discuss how the information provided in the article added to your understanding of the pathophysiological

WEEK 5 DISCUSSION- DUE WEDNESDAY Read the Warner (2003) article (located in Student Learning Resources). Warner, J. (2003). A phenomenological approach

WEEK 5 DISCUSSION- DUE WEDNESDAY Read the Warner (2003) article (located in Student Learning Resources). Warner, J. (2003). A phenomenological approach to political competence: Stories of nurse activists. Policy, Politics & Nursing Practice, 4(2), 135-143. Reflect upon the development of your political competency and address the following: 1. Consider a time

Explain the relationship between variables and levels of measurement Distinguish between categorical and continuous variables Categorize variables

Explain the relationship between variables and levels of measurement Distinguish between categorical and continuous variables Categorize variables according to the appropriate level of measurement Differentiate between the reliability and validity of a measure Evaluate the reliability and validity of a measure.   Please include 400 words in your initial post and two

Healthcare policies play a critical role in addressing social determinants of health (SDOH), which can contribute to health disparities among different

Healthcare policies play a critical role in addressing social determinants of health (SDOH), which can contribute to health disparities among different populations. Choose a current healthcare policy or initiative aimed at addressing SDOH (e.g., Medicaid expansion, community health programs, or housing initiatives) and discuss its potential to reduce health disparities.

Create a 3- to 4-minute narrated presentation, “Board Pitch,” to summarize your entire capstone proposal for the executive team during the board meeting.

Create a 3- to 4-minute narrated presentation, “Board Pitch,” to summarize your entire capstone proposal for the executive team during the board meeting. (Think PowerPoint presentation with you narrating the content as if you are presenting this presentation to the board) Your presentation should include: Executive Summary: Summarize the proposal,