It is under POLICIES & PROCEDURES & DOCUMENTATION REQUIREMENTS, at the end of the regs.
(Embedded image moved to file: pic29200.pcx)
Terie Musgrove, RHIT
HIPAA Compliance Coordinator
Akron Children's Hospital
e-mail: [EMAIL PROTECTED]
Chris McLean
<[EMAIL PROTECTED] To: "WEDI SNIP Security Workgroup
List"
nehcm.com> <[EMAIL PROTECTED]>
cc:
07/22/2003 03:29 Subject: RE: Acceptable time-frames to
keep
PM Audit logs
Please respond
to Chris McLean
I don't remember seeing anything specifically for audit logs, but I
remember
seeing the 6 year retention mandate somewhere. I just can't place it
right
now. maybe in the privacy side? I, to be on the safe side, would include
audit logs and any risk assessment reviews in the specified record
retention
time frame. To me it makes prudent sense to keep the documentation .
Especially to prove compliance, let alone legal aspects, which I don't have
the expertise to dive into.
But this is just my humble opinion.....
Chris McLean
Network Coordinator
Greystone Health Care Management
(813) 635-9500
[EMAIL PROTECTED]
-----Original Message-----
From: KERBER, JEFF [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 2:15 PM
To: WEDI SNIP Security Workgroup List
Subject: RE: Acceptable time-frames to keep Audit logs
Where in the security rules do you see a 6 year mandate for audit logs?
-----Original Message-----
From: Price, Carolyn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 12:39 PM
To: WEDI SNIP Security Workgroup List
Subject: RE: Acceptable time-frames to keep Audit logs
HIPAA mandates 6 years. However, state laws vary, and if your state law
requires a retention period that is longer than the HIPAA mandate, the
state
law rules.
Carolyn Price
-----Original Message-----
From: Pat Cupo [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 10:25 AM
To: WEDI SNIP Security Workgroup List
Subject: Acceptable time-frames to keep Audit logs
We are currently developing policies & procedures for Audit & System
Change Controls. Does anyone have an idea as to how long these Audit
logs must be kept?
Patrick J. Cupo
Senior Systems Coordinator
Abington Memorial Hospital
(215) 481-5606
[EMAIL PROTECTED]
"We Provide Very Good Care"
****************** CONFIDENTIALITY NOTICE **********************
This e-mail contains LEGALLY PRIVILEGED AND CONFIDENTIAL INFORMATION
intended only for the use of the recipient named above. If you are not
the intended recipient, you are hereby notified that any dissemination or
copying of this e-mail is strictly prohibited. If you have received this
e-mail in error, please notify the transmitting hospital by telephone or
e-mail and delete the original e-mail received in error.
THIS INFORMATION HAS BEEN DISCLOSED TO YOU FROM RECORDS WHOSE
CONFIDENTIALITY IS PROTECTED BY STATE AND FEDERAL LAW. ANY FURTHER
DISCLOSURE, COPYING, DISTRIBUTION OR ACTION TAKEN IN RELIANCE ON THE
CONTENTS OF THESE DOCUMENTS WITHOUT THE PRIOR WRITTEN CONSENT OF THE
PERSON TO WHOM IT PERTAINS IS PROHIBITED. YOU ARE REQUIRED TO DESTROY
THE INFORMATION AFTER THE STATED NEED HAS BEEN FULFILLED.
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
"This electronic message may contain information that is confidential
and/or
legally privileged. It is intended only for the use of the individual(s)
and entity named as recipients in the message. If you are not an intended
recipient of the message, please notify the sender immediately and delete
the material from any computer. Do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
**************************************************************
**************************************************************
This email and any attachments addressed from [EMAIL PROTECTED] is
intended for the exclusive use of [EMAIL PROTECTED] The
information contained in this email may be proprietary, confidential,
privileged, and exempt from disclosure under
applicable law. If the reader of this email is not
[EMAIL PROTECTED] or an agent responsible for delivering the
message to the intended recipient, the reader is hereby put on notice that
any use, dissemination, distribution, or
copying of this communication is strictly prohibited. If the reader has
received this communication in error,
please immediately notify [EMAIL PROTECTED] by email and delete all
copies of this email along with any attachments.
**************************************************************
**************************************************************
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same
as the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
pic29200.pcx
Description: Binary data
--- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
