Most information systems, including electronic health records that contain ePHI have the ability to create log files, which describe the activity occurring to, or within the system. A timely review of system activity can give insight into potential issues that may negatively impact the security of protected health information.

The purpose of this policy is to establish Pacific University's compliance with federal HIPAA regulations including standard practices for reviewing system activity within information systems. These types of reviews may include the activity and access logs of Pacific University medical record systems which store ePHI.

PUNID required to review policy.

Form: Healthcare System Activity Review and Audit Template