164.312(c)(2) - Mechanism to Authenticate Electronic Protected Health Information (Addressable)
Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
Illustrative Controls and TIBCO LogLogic Solution
A logging and monitoring function enables the early detection of unusual or abnormal activities. Administrators must ensure that IT security implementation is tested and monitored proactively.
IT security should be routinely reaccredited to ensure the approved security level is maintained. IT security administration must monitor and log security activity, and identify security violations to report to senior management. This control directly addresses the implementation specification for audit controls over electronic protected health information systems and networks.
To satisfy this requirement, administrators must review the user access logs on a regular basis for any access violations or unusual activity. Administrators must routinely review reports that show user access to servers that store, process or transmit electronic protected health information. Review of these reports must be shown to auditors to satisfy this requirement.
The TIBCO LogLogic Compliance Suite captures the activities on information systems and communication devices across the entity’s enterprise to allow entities to oversee the protection of electronic protected health information. Activities that increase risk or potentially impact the integrity and authenticity of electronic protected health information are highlighted in custom reports and alerts so the security posture of the enterprise can be maintained. Because of the breadth of solutions and devices that TIBCO LogLogic interfaces with, data can be cross-referenced to provide a corroborative method of analyzing threats to the integrity, confidentiality and availability of electronic protected health information.
Reports and Alerts
Use the following link or reference to see the 164.312(c)(2) reports and alerts: 164.312(c)(2) - Mechanism to Authenticate Electronic Protected Health Information (Addressable).