Audit Capabilities. 5 a. Audit and logging capabilities will permit HCA to identify, and possibly reverse, 6 unauthorized or unintended changes to data resulting from error or misconduct. 7 b. Application will support the identification of the nature of each access and/or 8 modification through the use of logging. 9 c. Application will employ audit capabilities to sufficiently track details that can establish 10 accountability for each step or task taken in the clinical or operational processes. 11 d. All audit logs will be protected from alteration. 12 e. Audit/logging functionality will comply with NIST Special Publication 800-92, Guide 13 to Computer Security Log Management. 14 f. Access to logs must be limited to authorized users. 15 g. HCA requires that all transactions need to be available for reporting and auditing for a 16 least seven (7) years from the time the record was initiated. 17 h. Auditing functionality must include the following: 18 1) Record who did what to which object, when and on which system, 19 2) Successful/unsuccessful log-in and log-out of users, 20 3) Add, modify, print, and delete actions on data/files/objects, 21 4) Read/view actions on data classified as restricted/confidential, 22 5) Changes to user accounts or privileges (creation, modification, deletion), 23 6) Switching to another users access or privileges after logging in, 24 7) Any action to circumvent security controls, 25 8) Changes of time/date of the system clock, 26 9) Detection of hardware and software errors, and 27 10) Changes to log files.
Appears in 2 contracts
Sources: Agreement for Provision of Fiscal Intermediary Services, Agreement for Provision of Health Exchange Outreach, Education and Assistance Services