The electronic transaction of the confidential patient health information through organizational and public networks requires protection against unauthorized access.The HIPAA compliance norms make it necessary for the health entities to incorporate a security audit system in the network, to maintain complete record of all the past and present health-care transactions.Security audit brings in accountability to the system and pinpoints the offender in case of breach in privacy of patient health information.
The audit system should host such features, which allow complete monitoring of the computer network and bring to notice of administrators unnatural activity to prevent any security lapse. If however a lapse does occur the auditors can know, how and when the event happened, and who did it. Following are the features, which an ideal network audit system should have:
- Ability to record the time, nature and type of login, whether it is unauthorized or unauthorized.This deters hostile users like hackers as they know they are under spot light at same time keeps tabs on what type of information is accessed by the authorized user.
- Able to provide the log off time, details of the user and type of information accessed before the log off occurred.
- Provide detailed report on unsuccessful login, which includes the username, the number of attempts, date and time. This feedback is used to increase the vigilance and further strengthen the network.
- Able to pinpoint the objects accessed, like a file or directory and the whether the content was read, copied, deleted or modified. It should provide a feedback on the integrity of the content so that if any changes are made, the administration know whether these changes where legal or illegal.
- Maintain complete record of the start-up and shut down time of the local system.
- Able to maintain complete record of both successful and unsuccessful login of authorized users.
- Store and protect data for a desired time limit.
- Provide easy auditors easy access to the desired data.
- Ability to monitor the message flow, in and out, of the network. The security audit should track who sent the message to whom and what was in it.
It is mandatory for the health service providers to ensure HIPAA compliance of their networks, other wise they risk severe penalties or criminal convictions. The security of the health information stored in the organizational network or flowing in and out of it, is of paramount importance. A right auditing system does round-the-clock surveillance of computer network and raises alarms against hostile intrusion and thus denies any security breach. This is completely in line with HIPAA compliance norms.
The security audit protects the patient health information in the network through continuous vigilance.
Read more on HIPAA compliance at, www.empowerbpo.com