HIPAA Security Compliance Project - Identification of Logging and Auditing Requirements

The purpose of the Final Health Insurance Portability and Accountability Act (HIPAA) Security Rule is to adopt national standards for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. This discussion will outline a project 'plan of attack' for a covered entity to identify and address the electronic logging and auditing requirements within the Final HIPAA Security Rule. Compliance projects can be frustrating particularly in large diverse organizations. By identifying and utilizing the proper resources planning carefully and staying organized a project team can meet the challenges successfully. A project team for a fictitious covered entity has been charged with identifying and making recommendations for reconciling the gaps between the company's logging and auditing policies and practices and the requirements of the Final HIPAA Security Rule. The study will follow the steps taken by the project team and will examine some of the challenges in organizing and carrying out such a project in a large financial services organization. It will suggest potential solutions and some alternative approaches.