All EHRs certified to qualify for the Medicare and Medicaid Electronic Health Records (EHR) Incentive Programs must maintain an Audit Log of actions related to Electronic Health Information (EPHI) that supports the forensic reconstruction of the sequence of changes to a patient's chart.
A patient's Privacy Rule right of access to Protected Health Information (PHI/EPHI) includes the right of access to EHR Audit Logs within 30 days of requesting access. Attorneys now routinely demand full discovery of Audit Logs in lawsuits concerning treatment of their clients.
The HIPAA Security Rule Audit Controls Standard requires hardware, software, and/or procedural mechanisms to record and examine activity in information systems containing EPHI and Security Management Process Standard requires regular review of records of information system activity, such as Audit Logs and reports of access to the information system.
Medical devices regulated by the FDA must have secure, computer-generated, time-stamped Audit Trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes may obscure previously recorded information.
Audit Trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for FDA review and copying.
However, lawsuits, audits and investigations find Covered Entities and Business Associates not maintaining Audit Logs/Trails unintentionally or in some cases because of staff action not known by management.
The HIPAA Rules and FDA Requirements are easy to follow, step-by-step when you know the steps. Top management - Boards of Directors - CEOs are responsible for complying with the law and they delegate authority to compliance and IT staff.
Why should you Attend: This webinar will explain the Audit Log/Trail requirements, what you must do to comply and avoid legal dangers when patients, lawyers or government regulators request the information.
Areas Covered in the Session: