You Ought To Be Auditing!

Do you know who is accessing the practice’s patient’s protected health information (“PHI”)?

While many healthcare providers would quickly respond, “of course,” healthcare providers would be surprised to find out how easily it is to access electronic PHI stored on hard drives and electronic medical records (“EMR”).

We can help your practice stay on top of the latest healthcare news, rules, regulations and trends.  Subscribe to stay current and up to date on important matters that will impact your practice.  (To subscribe to our blog ).

As with all technology, there is a guise of secrecy when an individual can click on a file, view it, and close it.  If that same individual wanted to view a paper chart, they would likely have to open the file cabinet, find the paper chart, view it and put it away with other office personnel becoming suspect.  With technology, an individual can view a patient’s chart with a click of a button from the privacy of his/her workstation.

 The American Health Information Management Association (“AHIMA”) recently published its “Privacy and Security Audits of Electronic Health Information” guide, which laid out some healthcare security audit best practices.  Article.  “While maintaining equilibrium between making the data useful and available for users and keeping it secure, AHIMA provided some reminders and tips security audits using audit trails and audit logs to peer into back-end systems.”
Healthcare providers should implement and proactively review audit logs.
Audit logs are vital for recognizing inappropriate access to patient’s charts.  For example, audit logs can:
  1. Identify when VIP patient records (i.e., board members, celebrities, governmental or community figures, physician providers, management staff, or other highly publicized individuals) are accessed;
  2. Identify when patient files are accessed after no activity for 120 days; and
  3. Identify when patients’ files are accessed by employees or workstations that should not have access to said files (scheduler accessing patient’s PHI).

Audit logs can be very helpful in allowing a practice to analyze how well patient’s PHI is being protected from inappropriate access.

Once you can see how the data is accessed, you can act to reduce vulnerabilities and set up additional security processes and protocols to protect your patients’ information.
We can help you craft a HIPAA Compliance Plan that includes audit policies and procedures.


We publish vital information on health law topics and news every Wednesday and Friday. To get this important information delivered directly to your mail box, 

Do you need help staying current and compliant with the latest laws, rules and regulations?  We can help. To contact us about your new government rules and regulations, your practice’s risk assessment, or about your other legal needs:  CLICK HERE.

P.S. If you or your patients are interested in consumer healthcare issues, check out

Related Posts


Recent Posts

Legal Documents for Your Graduating Senior
January 26, 2023
Can I Terminate My Physician Employment Agreement?
January 24, 2023
Do You Worry About Your Parents’ Health?
January 19, 2023
How Do I Escape My Non-Compete Clause?
January 17, 2023
Reasons Not to Have an Estate Plan
January 12, 2023


Enter your email to subscribe now and receive your FREE HIPAA Risk Assessment book!

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment.


Get it now for FREE (an $8.99 value!)

One more step! Please check your email to confirm your subscription and receive your FREE book!