Systems Activity Review: Key to an Effective Security Program

This presentation is a recording of a webinar given on 8/5/2020 hosted by Clearwater Senior Principal Consultant, Dawn Morgenstern with Clearwater Consultant, Trapper Brown


An important step in protecting electronic protected health information (ePHI) is to implement reasonable and appropriate procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Information system activity reviews serve as the primary mechanism for determining if any ePHI is used or disclosed in an inappropriate manner. As such, they are a key element of an effective security program as well as a key HIPAA requirement.

This webinar will cover how to develop and implement a strong system activity review program to better prepare and equip an organization to and respond rapidly in the event of an incident or breach.

This webinar discussed topics such as:

  • Define an information system activity review and how to identify the systems that create, receive, maintain, or transmit ePHI.
  • Identify and document what data is generated, recorded, or stored within each information system’s infrastructure.
  • Identify and document what systems do not generate actionable logs or reports and how to enforce additional access control measures.
  • Develop information system activity review policies and procedures that are comprehensive, customized, feasible, and agile.

Related Blogs

With Us