The final security rule references a few of the NIST 800 series documents that are generally a good resource for best practices. In particular HHS noted NIST 800-14 http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf
You will find what you need on pgs. 50 - 52. As this document only provides a "high-level" overview you may also want to check out the "logging" area of the SANs reading room as it will have more detail on the technical "how-to" aspects- http://www.sans.org/rr/catindex.php?cat_id=33
Feel free to contact me offline if you have any further questions.
Regards,
Tim Kery VP Business Development BearHill Security, Inc [EMAIL PROTECTED] 800-618-4487 x7792 www.bearhill.com
[EMAIL PROTECTED] wrote:
Could anyone direct me to a Web resource that provides guidelines for developing audit trails as required by HIPAA Security?
Regards,
John Monaghan, CISSP, CISA Sr. Project Manager, Security Assurance Empire BlueCross BlueShield 212.476-2070
"WellChoice, Inc." made the following annotations on 08/21/2003 11:27:23 AM ------------------------------------------------------------------------------ Attention! This electronic message contains information that may be legally confidential and/or privileged. The information is intended solely for the individual or entity named above and access by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Release/Disclosure Statement
--- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org