Skip to main content
Security Safeguards

Audit Controls

HIPAA-required mechanisms that record and examine activity in systems holding ePHI.

Audit Controls are a HIPAA Security Rule technical safeguard requiring hardware, software, or procedural mechanisms that record and examine activity in information systems containing ePHI.

In practice, audit controls are implemented through audit logging, capturing who accessed what data and when, so that access can be reviewed and anomalies investigated. Reliable, tamper-resistant logs are central to demonstrating compliance and supporting breach investigations.