Developers and HIPAA

Submitted by

How granular should logs be in saving access-to-PHI events?

As a software developer in the role of business associate I have read about what needs to be captured and stored by software that handles PHI for a covered entity. To be a good vendor, we want to provide our customer the requisite log data about user credentialing (adds, permissions, changes, disables, deletes), and about PHI activity within our software product. We currently log all changes to PHI made by our product. ...more »

Voting

1 vote
1 up votes
0 down votes