Objectives of the Presentation
Why Should you Attend
- EHR Audit Log - Audit Trail Requirements
- Why they are mandatory - the legal basis
- Why Patients, Lawyers and Government Regulators request them
- The Key to Compliance - Avoiding Legal Peril
The HIPAA Rules and FDA Requirements are easy to follow, step-by-step when you know the steps. Top management - Boards of Directors - CEOs are responsible for complying with the law and they delegate authority to compliance and IT staff.
Audit Trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for FDA review and copying.
However, lawsuits, audits and investigations find Covered Entities and Business Associates not maintaining Audit Logs/Trails unintentionally or in some cases because of staff action not known by management.
Who will Benefit
- Health Care Providers of all types - for example:
- Regional Networks of Health Centers
- Community Clinics
- Multi-Specialty Medical Groups
- Long Term Care, Assisted Living and Skilled Nursing Facilities
- Federally Qualified Health Centers
- Home Health Agencies
- Critical Access Hospitals
- Hospitals with satellite locations (Physician Groups, Imaging Centers, Physical Therapy and Wellness Centers, etc
- Health Care Providers in small group practices with EHRs such as
- Physical Therapists
- Behavioral Health Professionals including Licensed Clinical Social Workers
- Business Associates who provide EHR compliance services for Covered Entities
All EHRs certified to qualify for the Medicare and Medicaid Electronic Health Records (EHR) Incentive Programs must maintain an Audit Log of actions related to Electronic Health Information (EPHI) that supports the forensic reconstruction of the sequence of changes to a patient's chart.
A patient's Privacy Rule right of access to Protected Health Information (PHI/EPHI) includes the right of access to EHR Audit Logs within 30 days of requesting access. Attorneys now routinely demand full discovery of Audit Logs in lawsuits concerning treatment of their clients.
The HIPAA Security Rule Audit Controls Standard requires hardware, software, and/or procedural mechanisms to record and examine activity in information systems containing EPHI and Security Management Process Standard requires regular review of records of information system activity, such as Audit Logs and reports of access to the information system.
Medical devices regulated by the FDA must have secure, computer-generated, time-stamped Audit Trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes may obscure previously recorded information.