Meet "Security Audit Manager" - the Audit Trail watchdog!
The final Security Rule of HIPPA states: "A covered entity must, in accordance with 164.306...implement hardware, software, and/or procedural mechanisms that record or examine activity in information systems that contain or use electronic protected health information."
Complying with this rule seems like no big deal - simply save audit trails and you're covered, right? Have you gotten a request yet to extract information out of those saved audit trails? Saving audit trails is only half the answer. SAM (Security Audit Manager) helps you comply with the Security Rule by storing the audit trails and helps save your IS staff time by providing fast, flexible and efficient access to the data.
HCIS activity (audit trail information) is transferred real-time from all Meditech applications into one centralized SQL database. Audit trails can then be purged off operational CPUs in a timeframe which maintains maximum storage capacity on those drives. SAM can also collect non-Meditech information, providing a comprehensive and complete audit trail database.
To view user activity, simply use SAM's canned reports or standard SQL reporting tools (e.g. Crystal Reports). SAM comes with a set of canned reports so you can get going quickly and allow your IS staff to focus on other important activities.
The canned reports are designed to easily highlight possible security violations. For example, one of the reports provided with the purchase of SAM can identify users accessing a patient's records:
- where the user has the same last name as the patient
- where the user lives on the same street as the patient
- where the user accessed the patient's record for greater than a specified time (e.g. who is reviewing a patient's record for more than 30 minutes?)
To learn more about SAM, please visit the Iatric Systems at booth (number 312) for a complete listing of SAM standard reports or to see a demonstration.