HIPAA Syslog Requirements

Syslog is intended to identify and verify a person seeking access to electronic protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). The law requires that any HIPAA covered organization retain a database of system-generated messages, also known as a Syslog repository, for a certain period of time. This information helps to identify anyone abusing electronic protected health information.

    The HIPAA Security Rule Compliance Reporter

    • Syslog is a security feature intended to identify any threats to a network system. Whenever there is a problem, it generates a message which is sent to a specific management system where a solution is sought. For instance, if there is a security threat to the network, the system will generate a report which will be delivered to the administrator. This is why a HIPAA covered organization is required to have such a security feature in its information technology system. This ensures "the confidentiality, integrity, and availability of all electronic protected health information (ePHI)" under the company's control, according to HIPAA.

    Protected Health Information

    • A HIPAA covered organization is required to implement comprehensive security measures, including the collection and analysis of logs from different sources. An organization is required to maintain a six-month record of everything happening on its network to make sure it is in compliance with HIPAA. Log management is essential for ensuring that computer records are stored in sufficient detail for an appropriate period of time. Routine analysis is helpful in identifying security incidents, policy violations or fraudulent activities. Logs are also crucial for auditing and forensic analysis, especially when conducting an internal investigation. It is for that reason that HIPAA requires an organization to diligently monitor its log activity as part of security maintenance.

    Administrative Safeguards

    • Logs are intended to control access to electronic health information. That is why only a person or software program that has been granted access rights may be allowed access. You must also have a data back-up plan in case your system crashes and you lose all the information. "Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information," according to HIPAA.
