|
Jeff,
Correct. The length of time to maintain audit logs is
determined by your Security Risk Analysis.
The Privacy Rule retention periods give you some guidance in
that they give a period of time that the regs say it is reasonable to
retain SOMETHING (Audit Logs are a very different something).
The opinions expressed here are my own and not necessarily the opinion of
LCMH.
Douglas M. Webb Computer System Engineer Little Company of Mary
Hospital & Health Care Centers [EMAIL PROTECTED]
"This electronic message may contain information that is confidential
and/or legally privileged. It is intended only for the use of the individual(s)
and entity(s) named as recipients in the message. If you are not an
intended recipient of the message, please notify the sender immediately,
delete the material from any computer, do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."
----- Original Message -----
Sent: Tuesday, July 22, 2003 03:03
PM
Subject: RE: Acceptable time-frames to
keep Audit logs
The reference in the privacy rule does not apply to Security
Audit logs...
Do not confuse audit logs with the accounting for
disclosure.
There are NO requirments for any audit
logs.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 2:44
PM
To: WEDI SNIP Security Workgroup List
Subject: RE: Acceptable
time-frames to keep Audit logs
Jeff,
The reference is not in
the Security Rule ... it's in the Privacy Rule.
"§ 164.528 Accounting
of disclosures of protected health information.
(a) Standard: Right to an
accounting of disclosures of protected health
information. (1) An
individual has a right to receive an accounting of
disclosures of protected
health information made by a covered entity in
the six years prior to the
date on which the accounting is requested,
except for
disclosures?"
Marsha
Verizon Information
Technologies
Managed Care Division
Phoenix, AZ
Home of the Back To
Back NL West Champion ARIZONA DIAMONDBACKS
Phone -
602.678.6042
Fax - 602.678.6331
E-mail - [EMAIL PROTECTED]
Verizon
Information Technologies offers a broad range of IT solutions and
in-depth
healthcare business expertise to the healthcare industry: Payer
processing
systems, secure data center, outsourcing services and HIPAA
consulting to
name a few. Visit us online at www.VerizonIT.com to learn
how you can
take advantage of one of the world's most advanced
IT
infrastructures.
Confidentiality Notice: This e-mail message,
including any attachments, is
for the sole use of the intended recipient(s)
and may contain confidential
and privileged information. Any unauthorized
review, use, disclosure or
distribution is prohibited. If you are not
the intended recipient, please
contact the sender by reply e-mail and
destroy all copies of the
original
message.
"KERBER,
JEFF"
<[EMAIL PROTECTED]
To: "WEDI SNIP Security
Workgroup List"
<[EMAIL PROTECTED]>
>
cc:
Subject: RE: Acceptable
time-frames to keep Audit
logs
07/22/2003
11:14
AM
Please respond
to
"KERBER, JEFF"
Where in the
security rules do you see a 6 year mandate for audit
logs?
-----Original Message-----
From: Price, Carolyn
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 12:39 PM
To:
WEDI SNIP Security Workgroup List
Subject: RE: Acceptable time-frames to
keep Audit logs
HIPAA mandates 6 years. However, state laws
vary, and if your state law
requires a retention period that is longer than
the HIPAA mandate, the
state
law rules.
Carolyn
Price
-----Original Message-----
From: Pat Cupo
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 10:25 AM
To: WEDI
SNIP Security Workgroup List
Subject: Acceptable time-frames to keep Audit
logs
We are currently developing policies & procedures for
Audit & System
Change Controls. Does anyone have an idea as to how long
these Audit
logs must be kept?
Patrick J. Cupo
Senior Systems
Coordinator
Abington Memorial Hospital
(215) 481-5606
[EMAIL PROTECTED]
"We Provide Very Good
Care"
****************** CONFIDENTIALITY NOTICE
**********************
This e-mail contains LEGALLY PRIVILEGED AND
CONFIDENTIAL INFORMATION
intended only for the use of the recipient named
above. If you are not
the intended recipient, you are hereby notified
that any dissemination or
copying of this e-mail is strictly
prohibited. If you have received this
e-mail in error, please notify
the transmitting hospital by telephone or
e-mail and delete the original
e-mail received in error.
THIS INFORMATION HAS BEEN DISCLOSED TO YOU
FROM RECORDS WHOSE
CONFIDENTIALITY IS PROTECTED BY STATE AND FEDERAL
LAW. ANY FURTHER
DISCLOSURE, COPYING, DISTRIBUTION OR ACTION TAKEN IN
RELIANCE ON THE
CONTENTS OF THESE DOCUMENTS WITHOUT THE PRIOR WRITTEN
CONSENT OF THE
PERSON TO WHOM IT PERTAINS IS PROHIBITED. YOU ARE
REQUIRED TO DESTROY
THE INFORMATION AFTER THE STATED NEED HAS BEEN
FULFILLED.
---
The WEDI SNIP listserv to which you are
subscribed is not moderated. The
discussions on this listserv therefore
represent the views of the
individual
participants, and do not
necessarily represent the views of the WEDI Board
of Directors nor WEDI
SNIP. If you wish to receive an official opinion,
post
your question to
the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
These listservs should not be used for
commercial marketing purposes or
discussion of specific vendor products and
services. They also are
not intended to be used as a forum for personal
disagreements or
unprofessional communication at any time.
You are currently subscribed
to wedi-security as: [EMAIL PROTECTED]
To unsubscribe
from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank
email to
[EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the
same
as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The
WEDI SNIP listserv to which you are subscribed is not moderated.
The
discussions on this listserv therefore represent the views of
the
individual
participants, and do not necessarily represent the views
of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an
official opinion,
post
your question to the WEDI SNIP Issues Database
at
http://snip.wedi.org/tracking/.
These listservs should not be used for
commercial marketing purposes or
discussion of specific vendor products and
services. They also are
not intended to be used as a forum for personal
disagreements or
unprofessional communication at any time.
You are currently subscribed
to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from
this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank
email to
[EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the
same
as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org
"This
electronic message may contain information that is
confidential
and/or
legally privileged. It is intended only for
the use of the individual(s)
and entity named as recipients in the
message. If you are not an intended
recipient of the message, please
notify the sender immediately and delete
the material from any
computer. Do not deliver, distribute, or copy this
message, and do
not disclose its contents or take action in reliance on the
information it
contains. Thank you."
---
The WEDI SNIP listserv to which you are
subscribed is not moderated. The
discussions on this listserv therefore
represent the views of the
individual participants, and do not necessarily
represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you
wish to receive an official
opinion, post your question to the WEDI SNIP
Issues Database at
http://snip.wedi.org/tracking/.
These listservs should not be used for
commercial marketing purposes or
discussion of specific vendor products and
services. They also are
not intended to be used as a forum for personal
disagreements or
unprofessional communication at any time.
You are currently subscribed
to wedi-security as:
[EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank
email to
[EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The
WEDI SNIP listserv to which you are subscribed is not moderated.
The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the
WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
These listservs should not be used for
commercial marketing purposes or
discussion of specific vendor products and
services. They also are
not intended to be used as a forum for personal
disagreements or
unprofessional communication at any time.
You are currently subscribed
to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from
this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank
email to
[EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org
"This
electronic message may contain information that is confidential
and/or
legally privileged. It is intended only for the use of the
individual(s)
and entity named as recipients in the message. If you
are not an intended
recipient of the message, please notify the sender
immediately and delete
the material from any computer. Do not
deliver, distribute, or copy this
message, and do not disclose its contents
or take action in reliance on the
information it contains. Thank
you."
---
The WEDI SNIP listserv to which you are subscribed is not
moderated. The discussions on this listserv therefore represent the views of
the individual participants, and do not necessarily represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not
intended to be used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to
wedi-security as: [EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the same as the
address subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|
