Differences

This shows you the differences between two versions of the page.

--- policy:data_privacy:log-in_monitoring [2019/06/05 19:51] – tonyromero
+++ policy:data_privacy:log-in_monitoring [2019/06/05 20:08] (current) – tonyromero
@@ Line 23: / Line 23: @@
 ==== University of Colorado Denver HIPPA Policy ====
-HIPAA Policy 9.3 Auditing [[http://www.ucdenver.edu/research/Research%20Administration%20Documents/9.3%20Auditing.pdf|http://www.ucdenver.edu/research/Research%20Administration%20Documents/9.3%20Auditing.pdf]]
+As applicable, the most secure SEHD data are subject to the UCD Auditing [[http://www.ucdenver.edu/research/Research Administration Documents/9.3 Auditing.pdf|HIPAA Policy 9.3.]] The auditing policy requires units that hold medium to high risk ePHI must create a Audit Control and review Plan. Within that plan it states:
+> The system hardware, software, and applications must have the capability of creating log files. These logs must include, but are not limited to:
+  - User ID;
+  - Login date/time; and,
+  - Activity time.
+>  Units must monitor login success and failure to systems that host ePHI. To ensure that unauthorized login attempts are discovered, discrepancies or unusual login patterns must be reported to the department administrator and HIPAA Security Officer.