This policy is listed for reference only and should be reviewed with your lawyer before it is implemented in daily practice. We are not lawyers and are not providing any legal advice.

Security Management Process: Information System Audit

Reference: 45 CFR 164.308(a)(1)(ii)(D)
Last Updated: February 7, 2024


The purpose of the Information System Audit is:

  • To establish a procedure to audit team member logins.
  • To track team members' activity as they access the organization's files.


Procedure: The Security Manager or their designated representative shall conduct one or more audits during the year to ensure that no unauthorized logins are taking place and that no unauthorized person has had access to information not otherwise authorized.

  • The Security Manager or their designated representative shall proceed as follows:
    1. Select one to three employees to audit;
    2. Download the Information System Audit Form;
    3. Complete the Information System Audit Form;
    4. Take corrective actions, if needed.