EHR Audit Trails and HIPAA - A Growing Legal Danger

Duration: 60 Minutes
Instructor: Paul R. Hales
Webinar Id: 801572


One Attendee
Unlimited Attendees ?

This webinar will explain the Audit Log/Trail requirements, what you must do to comply and avoid legal dangers when patients, lawyers or government regulators request the information.


All EHRs certified to qualify for the Medicare and Medicaid Electronic Health Records (EHR) Incentive Programs must maintain an Audit Log of actions related to Electronic Health Information (EPHI) that supports the forensic reconstruction of the sequence of changes to a patient's chart.

A patient's Privacy Rule right of access to Protected Health Information (PHI/EPHI) includes the right of access to EHR Audit Logs within 30 days of requesting access. Attorneys now routinely demand full discovery of Audit Logs in lawsuits concerning treatment of their clients.

The HIPAA Security Rule Audit Controls Standard requires hardware, software, and/or procedural mechanisms to record and examine activity in information systems containing EPHI and Security Management Process Standard requires regular review of records of information system activity, such as Audit Logs and reports of access to the information system.

Medical devices regulated by the FDA must have secure, computer-generated, time-stamped Audit Trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes may obscure previously recorded information.

Audit Trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for FDA review and copying.

However, lawsuits, audits and investigations find Covered Entities and Business Associates not maintaining Audit Logs/Trails unintentionally or in some cases because of staff action not known by management.

The HIPAA Rules and FDA Requirements are easy to follow, step-by-step when you know the steps. Top management - Boards of Directors - CEOs are responsible for complying with the law and they delegate authority to compliance and IT staff.

Why should you Attend: This webinar will explain the Audit Log/Trail requirements, what you must do to comply and avoid legal dangers when patients, lawyers or government regulators request the information.

Areas Covered in the Session:

  • EHR Audit Log - Audit Trail Requirements
  • Why they are mandatory - the legal basis
  • Why Patients, Lawyers and Government Regulatorsrequest them
  • The Key to Compliance - Avoiding Legal Peril

Who Will Benefit:
  • Health Care Providers of all types - for example:
    • Regional Networks of Health Centers
    • Community Clinics
    • Multi-Specialty Medical Groups
    • Long Term Care, Assisted Living and Skilled Nursing Facilities
    • Federally Qualified Health Centers
    • Home Health Agencies
    • Critical Access Hospitals
    • Hospitals with satellite locations (Physician Groups, Imaging Centers, Physical Therapy and Wellness Centers, etc
  • Health Care Providers in small group practices with EHRs such as
    • Dentists
    • Optometrists
    • Chiropractors
    • Physical Therapists
    • Podiatrists
    • Behavioral Health Professionals including Licensed Clinical Social Workers
  • Business Associates who provide EHR compliance services for Covered Entities

Speaker Profile
Paul R. Hales, J.D. is widely recognized for his expert knowledge and ability to explain the HIPAA Rules clearly in plain language. Paul is an attorney licensed to practice before the Supreme Court of the United States and a graduate of Columbia University Law School with an international practice in HIPAA privacy and security. He is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans and Third Party Administrators.

You Recently Viewed