164.308(a)(5)(ii)(C) - Log-in Monitoring (Addressable)

Procedures for monitoring log-in attempts and reporting discrepancies.

Illustrative Controls and TIBCO LogLogic Solution

To establish user identification, implement authentication, and enforce access rights, you must deploy cost-effective technical and procedural measures and keep them current. All logins to network devices, operating systems, databases, and applications must be reviewed to ensure that only authorized and appropriate personnel have access. Monitor and verify all user access to programs and data. Review access to ensure segregation of duties and to confirm that all privileges are properly assigned and approved.

To satisfy this control objective, administrators must assess the authentication mechanisms used to validate user credentials (new and existing) for healthcare reporting systems to support the validity of transactions. Server and application activities must be monitored for locked-out and enabled accounts, as they can represent malicious activity.

Reports and Alerts

Use the following link or reference to see the 164.308(a)(5)(ii)(C) reports and alerts: 164.308(a)(5)(ii)(C) - Log-in Monitoring (Addressable).