EHR Audit Trails and HIPAA - A Growing Legal Danger

Duration: 60 Minutes
Instructor: Paul R. Hales
Webinar Id: 801572


One Attendee
Unlimited Attendees ?

This webinar will explain the Audit Log/Trail requirements, what you must do to comply and avoid legal dangers when patients, lawyers or government regulators request the information.


All EHRs certified to qualify for the Medicare and Medicaid Electronic Health Records (EHR) Incentive Programs must maintain an Audit Log of actions related to Electronic Health Information (EPHI) that supports the forensic reconstruction of the sequence of changes to a patient's chart.

A patient's Privacy Rule right of access to Protected Health Information (PHI/EPHI) includes the right of access to EHR Audit Logs within 30 days of requesting access. Attorneys now routinely demand full discovery of Audit Logs in lawsuits concerning treatment of their clients.

The HIPAA Security Rule Audit Controls Standard requires hardware, software, and/or procedural mechanisms to record and examine activity in information systems containing EPHI and Security Management Process Standard requires regular review of records of information system activity, such as Audit Logs and reports of access to the information system.

Medical devices regulated by the FDA must have secure, computer-generated, time-stamped Audit Trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes may obscure previously recorded information.

Audit Trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for FDA review and copying.

However, lawsuits, audits and investigations find Covered Entities and Business Associates not maintaining Audit Logs/Trails unintentionally or in some cases because of staff action not known by management.

The HIPAA Rules and FDA Requirements are easy to follow, step-by-step when you know the steps. Top management - Boards of Directors - CEOs are responsible for complying with the law and they delegate authority to compliance and IT staff.

Why should you Attend: This webinar will explain the Audit Log/Trail requirements, what you must do to comply and avoid legal dangers when patients, lawyers or government regulators request the information.

Areas Covered in the Session:

  • EHR Audit Log - Audit Trail Requirements
  • Why they are mandatory - the legal basis
  • Why Patients, Lawyers and Government Regulatorsrequest them
  • The Key to Compliance - Avoiding Legal Peril

Who Will Benefit:
  • Health Care Providers of all types - for example:
    • Regional Networks of Health Centers
    • Community Clinics
    • Multi-Specialty Medical Groups
    • Long Term Care, Assisted Living and Skilled Nursing Facilities
    • Federally Qualified Health Centers
    • Home Health Agencies
    • Critical Access Hospitals
    • Hospitals with satellite locations (Physician Groups, Imaging Centers, Physical Therapy and Wellness Centers, etc
  • Health Care Providers in small group practices with EHRs such as
    • Dentists
    • Optometrists
    • Chiropractors
    • Physical Therapists
    • Podiatrists
    • Behavioral Health Professionals including Licensed Clinical Social Workers
  • Business Associates who provide EHR compliance services for Covered Entities

Speaker Profile
Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.

You Recently Viewed