Skip to main content
Certifications & Audits

Access Log Review

Periodically examining access logs to detect inappropriate activity on ePHI.

Access Log Review is the practice of periodically examining the records produced by audit logging to detect inappropriate, unauthorized, or anomalous access to ePHI.

HIPAA requires not just that logs be captured, but that they be reviewed; a control is only effective if someone looks at the output. Regular log review turns audit controls into an active detection mechanism and often surfaces the first sign of a security incident.