|
|
|
|
|
Posts: 1,023
Joined: February 2011
|
|
#58959
12/15/2013 2:06 PM
|
Joined: Jun 2010
Posts: 147
Member
|
OP
Member
Joined: Jun 2010
Posts: 147 |
I am updating my security risk analysis.
I need to show a policy/procedure to check for security vulnerabilities / breeches regarding checking audit logs, ehr logs, remote access logs [log-me in];
and security for firewall / router
[I do not use a vpn -or at least i do not think i do]
I use a main computer as the server using vista os
I feel very not smart about this.
I viewed the audit log on amazing charts, and there were over 1000 events in one day - how am i supposed to see if there are problems.
the same with the windows event audit that i ran
I would welcome any help on this - or a reference link for 'for dummies'
thanks
Richard
Pediatrician
Orlando, FL
|
|
|
|
|
Joined: Oct 2011
Posts: 207
Member
|
|
Member
Joined: Oct 2011
Posts: 207 |
hi Richard,
I had the same question. I am showing 15,000 logs from my staff from 12/1 to present . the only sensible way to interpret this requirement in my view is to look at them if there is any question of a breach or hacking having occurred . Otherwise I see no point in looking at this. Incidentally many times AC will give a runtime error and close when I click on the audit log, not sure why. Unless there is a way for AC to flag suspicious events this is not useful .
Bala
|
|
|
|
|
Joined: Sep 2009
Posts: 2,989 Likes: 5
Member
|
|
Member
Joined: Sep 2009
Posts: 2,989 Likes: 5 |
I assume you are looking at this. It has a lot of verbiage. Since it says areas "to consider" I took that to mean that they were not all strict requirements. I can only tell you what I did with the logs; I cannot promise this is what an auditor would want, but I hope so. View the log for a set period (perhaps one month) and sort it by user. If all of the access is by active users whom you have granted permission to use the program, then you have "monitored users and their activities".
Jon
GI
Baltimore
Reduce needless clicks!
|
|
|
|
|
Joined: Oct 2011
Posts: 207
Member
|
|
Member
Joined: Oct 2011
Posts: 207 |
Thanks Jon.
I had seen that and frankly did not think of looking at the audit logs till I saw this post. Yesterday I did go thru the logs as you suggested , for nov for 1 month and recorded the report in PDF format just in case of an audit . Incidentally there are reports of more auditing including 'limited audit' and detailed audits. Do not know what this involves . I got a letter from CMS asking for proof of having used a EMR and had to provide receipts account statements and EULA. Hopefully that is all they need.
I would be interested if any of the users here know what these audits require
bala
|
|
|
|
|
|
|
2 members (Ruben, ChrisFNP),
40
guests, and
12
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
|
|
|
