This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Security Management Process: Information System Activity Review Policy

Reference: 45 CFR 164.308(a)(1)(ii)(D)
Last Updated: July 5, 2023


The purpose of the Information System Activity Review Policy is:

  • To determine if any electronic confidential information is being used or disclosed in an inappropriate manner.
  • To develop policies to monitor and control access to the business’ electronic systems.


Procedure: The management team or its designated representative has the right to audit all methods and tools used to handle information or communication within or with outside persons. At the same time, all employees, agents and contractors have the right to report improper behavior to any member of the management team.

  • The Security Manager or its designated representative shall implement and maintain a tracking mechanism to assess the confidentiality of information and ensure compliance with Security policies.
    • Security Manager will perform a random quarterly audit of patient care/employee information users in designated areas.
      • The selection of the area to be audited will primarily be high risk, high volume and/or problem areas. However, all areas will be subject to audit at least annually.
      • Security Manager’s audit reports will be reported to Office Manager/Administrator.
    • Reports of suspected or confirmed breach of confidentiality shall follow the procedures dictated by the Risk Management and Sanction Policies.
    • The Security Manager shall track the following events during the audit:
      • Logins and logouts, successful and unsuccessful.
      • Number of files and sessions opened per Individuals.
      • Files opened, actions taken and authorization of Individuals.
      • Terminals used to access files and type of files.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram