Instructions
Before completing this assignment, be sure you read what an AUDIT TRAIL is in your textbook.
Since the HIPAA privacy rules was implemented, you have been drowning in your audit trails reviews. You have finally obtained permission from administration to develop and use triggers to help with the review. These triggers, although not eliminating the review of audit trails, can be used to identify potential unauthorized access much more quickly and easily than using a manual review. Now that you finally have approval, you have to develop the triggers to be used. Administration wants to review your proposed triggers before they are implemented. Identify 10 triggers that you will present to administration for approval. Please be specific.
HINT: You might have pages and pages of the audit trail report. You are trying to get the computer system to do some of the work for you. What would look like highly suspicious activity of someone trying to access information that they shouldn’t? What if someone tried to log in more than 10 times and was not able to (or was able to). This might look like someone trying to access the system that shouldn’t. This would be something you would want to investigate. This would be a good trigger for the system to automatically flag. So your trigger would be any log in attempts that were greater than 10 (or you might want it to be a lower threshold).
SUBMIT AS A WORD DOCUMENT
Adapted from: McCuen, C., Sayles, N. B., & Schnering, P. (2018). Case studies in health information management. Boston, MA: Cengage Learning.
AuditControls (45 CFR 164.312(b))
Section 3: Technical Safeguards | 127 Audit controls (no implementation specifications) require installation of hardware, in systems containing software, or manual mechanisms to examine and record activity in ePHI.Audit controls occur at the back end, after activity has occurred, rather than preventatively. One type of audit control is the audit trail, a feature that records user activity such as accessor access attempts in a computer system. Although retrospective, it can provide valuable metadata (data about data) including who accessed (or attempted to access) the system, which part or parts of the system were affected, when the access occurred, what operations occurred (such as create, view, print, edit), and when data were sent and received.This metadata can be used for investigations (andpotential disciplinary actions), breachnotification, and other mitigation efforts (Rinehart-Thompson 2011). The Security hree does not mandatewhat informationmust be collected in an audit report or how equently audit reports must be generated and reviewed. Intrusion detection systems alyzenetwork traffic,sendingan alarm if they detect potentially inappropriate attempts to acessthe network or a particular account. This systemcannot operate independently. butrequires humans to monitor alarms and determinewhether or not they are valid. An organization’s characteristics, as well as findings from a risk analysis, should determine what the reasonable and appropriate audit controls Although the audit are (HHS 2007c). control’s standard addresses the examination and recording of activity that is occurring or has occurred in systems containing ePHI, there are other mechanisms that can preventatively identify abnormal conditions in an electronic system. Intrusion prevention systems identify inappropriate traffic, blocking passage in much the same way as a firewall, which provides a security barrier between an internal trusted network and outside electronic traffic. Like the intrusion detection system, this system also requires humans to monitor alarms and determine whether or not they are valid (Rinehart-Thompson 2011). Systems can also be set up to respond preventatively to an established threshold ofinvalid log-on attempts (use of an incorrect user name or password) to a particular account. After the established number of attempts is reached, additional attempts are prohibited of through time that an account has been lockout. programmed The account lockout may continue for a specified period manually unlocks it into the system or until the network administrator
