Developers and HIPAA

Audit logging requirements for secure messaging

We have implemented a secure text messaging service for our application. It is quite possible that our customers will communicate ePHI to us using this secure service. Are we required to audit log all messages along with who read the message just in case some of the messages may have ePHI in them?

Tags (If you have a multi-word tag, add a hyphen (-) between the words.)


2 votes
2 up votes
0 down votes
Question No. 97