Audit Controls
STANDARD§ 164.312(b) Audit Controls
"Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information."
Organizations that use the Kiva Logic software should periodically review our built-in Audit Log to verify that the access that admin users have is being used responsibly and in accordance with the user control control roles.
Performing and Audit
To review the Audit Log, you can view a log of all admin user access and actions for a give timeframe. After reviewing the log of the access/actions, click on 'Mark Audit Complete'.
A popup modal will appear. To complete the audit for the give timeframe you reviewed, type your full name in the text input box, then click on 'Complete Audit'.
This is a very useful to keep track of what log entries have been reviewed by a security officer, and what log entries need to be reviewed still.
Audit History
After completing an audit, you are taken to the "Audit History" page. This page keeps a record of when an audit was performed, which admin user performed it, up to what date the audit was for, and displays the name that was typed in by the admin user performing the audit.
This report can also be accessed at any time by "Full Admin" users by clicking on the 'View Audit History' button at the top right of the "Audit Log".
Hardware Audits
Since Kiva Logic is maintaining the hosting with our HIPAA compliant hosting partners, we perform a monthly review along with our hosting partners of all access to the servers that host the Kiva Logic web application.