Information System Activity Review Clause Samples

The Information System Activity Review clause establishes the requirement for regular monitoring and assessment of activities within an organization's information systems. Typically, this involves reviewing logs, access records, and system usage to detect unauthorized access, unusual patterns, or potential security incidents. By mandating such reviews, the clause helps organizations identify and respond to security threats promptly, thereby reducing the risk of data breaches and ensuring compliance with relevant security policies and regulations.
Information System Activity Review. Business Associate will regularly capture and review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Business Associate will employ Security Event and Incident Monitoring (▇▇▇▇) technology such as intrusion detection and prevention systems on IT systems that create, receive, transmit, transact, or store PHI and will review and analyze activity records for indications of inappropriate or unusual activities daily. Business Associate will retain the activity logs for a minimum of six (6) years. Business Associate shall make such logs available to ▇▇▇▇▇▇, upon request, as ▇▇▇▇▇▇ reasonably determines is necessary to investigate a potential unauthorized Use or Disclosure.
View SourceView Similar (4)
Information System Activity Review. 1. ISU shall provide HHS with documentation of implementation of its policies and procedures regarding information system activity review across all of its covered health care component clinics. ISU shall provide the documentation to HHS within 60 days of the Effective Date for review and approval. 2. Upon receiving any required changes to such implementation from HHS, ISU shall have 30 days to revise its implementation strategy and provide it to HHS for review and approval. ISU shall provide documentation of implementation, including any applicable training, within 30 days of receipt of HHS’ approval.
View Source
Information System Activity Review. The Company will appropriately review activity in ePHI-containing applications and/or systems in order to limit ePHI access to authorized purposes, including auditing and oversight tools permitting review of suspicious or unusual activity and vulnerabilities and adequate and prompt notice to the Security Officer.
View Source
Information System Activity Review. GCHD will implement procedures to regularly review records of information system activity. a. Audit Logs. GCHD will create audit logs which will record activities related to access of the GCHD system by its users. Audit logs will be reviewed on an on- going basis by the Security Officer or designee.
View Source
Information System Activity Review. Section 164.308(a)(1)(ii)(D) of the rule states: “Covered entities will implement procedures to regularly review records of the information systems activity, such as audit logs, access reports, and security incident tracking reports”. MCC has implemented the following procedures to address these requirements: The IS Director will ensure that information system activity logs are implemented and maintained for all applications that process ePHI on MCC computers. The IS Director will assign a person(s) to conduct quarterly reviews of the MCC information systems’ ac- tivity logs, this activity may entail the use of an outside entity if desired. Selected reviewer(s) must have the appropriate technical skills and authorized access to enable them to interpret the audit logs correct- ly. The designated reviewer(s) will prepare reports to summarize their reviews. The report will include the reviewer’s name, date and time of the review, application or process reviewed, and any significant find- ings, and describing any events that require additional action (incident reporting). Reviewers will look at system/application logs to identify events such as multiple failed login attempts, patient file accesses, and unauthorized access attempts. Based on the periodic reviews, the IS Director may implement new procedures or technologies to im- prove the security management process. As necessary, the Security Officer, in conjunction with the IS Director, will make modifications or addi- tions to the policies implemented to protect ePHI on MCC computer systems. Effective Date: January 1, 2005 45 CFR §164.308(a)(3) of the Security standards states “a covered entity must implement policies and proce- dures to ensure that all members of its workforce have appropriate access to electronic protected health infor- mation, as provided under paragraph (a)(4) of this section [Information Access Management], and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.” To establish the Medical Center Clinic’s (MCC) Workforce Security policies, including the required subordinate implementation specifications of authorization and/or supervision, workforce clearance procedures, and termina- tion procedures. MCC is committed to maintaining formal procedures to ensure that all workforce members whose jobs require access to electronic protected health information (ePHI) have the appropria...
View Source

Related to Information System Activity Review

  • Information Systems The Customer is aware that vehicles manufactured, supplied or marketed by a company within the Volvo Group are equipped with one or more systems which may gather and store information about the vehicle (the “Information Systems”), including but not limited to information relating to vehicle condition and performance and information relating to the operation of the vehicle (together, the “Vehicle Data”). The Customer agrees not to interfere with the operation of the Information System in any way.

  • Information Services Traffic 5.1 For purposes of this Section 5, Voice Information Services and Voice Information Services Traffic refer to switched voice traffic, delivered to information service providers who offer recorded voice announcement information or open vocal discussion programs to the general public. Voice Information Services Traffic does not include any form of Internet Traffic. Voice Information Services Traffic also does not include 555 traffic or similar traffic with AIN service interfaces, which traffic shall be subject to separate arrangements between the Parties. Voice Information services Traffic is not subject to Reciprocal Compensation as Local Traffic under the Interconnection Attachment. 5.2 If a Reconex Customer is served by resold Verizon Telecommunications Service or a Verizon Local Switching UNE, subject to any call blocking feature used by Reconex, to the extent reasonably feasible, Verizon will route Voice Information Services Traffic originating from such Service or UNE to the Voice Information Service platform. For such Voice Information Services Traffic, unless Reconex has entered into an arrangement with Verizon to ▇▇▇▇ and collect Voice Information Services provider charges from Reconex’s Customers, Reconex shall pay to Verizon without discount the Voice Information Services provider charges. Reconex shall pay Verizon such charges in full regardless of whether or not it collects such charges from its own Customers. 5.3 Reconex shall have the option to route Voice Information Services Traffic that originates on its own network to the appropriate Voice Information Services platform(s) connected to Verizon’s network. In the event Reconex exercises such option, Reconex will establish, at its own expense, a dedicated trunk group to the Verizon Voice Information Service serving switch. This trunk group will be utilized to allow Reconex to route Voice Information Services Traffic originated on its network to Verizon. For such Voice Information Services Traffic, unless Reconex has entered into an arrangement with Verizon to ▇▇▇▇ and collect Voice Information Services provider charges from Reconex’s Customers, Reconex shall pay to Verizon without discount the Voice Information Services provider charges. Reconex shall pay Verizon such charges in full regardless of whether or not it collects such charges from its own Customers. 5.4 Reconex shall pay Verizon such charges in full regardless of whether or not it collects charges for such calls from its own Customers. 5.5 For variable rated Voice Information Services Traffic (e.g., NXX 550, 540, 976, 970, 940, as applicable) from Reconex Customers served by resold Verizon Telecommunications Services or a Verizon Local Switching Network Element, Reconex shall either (a) pay to Verizon without discount the Voice Information Services provider charges, or (b) enter into an arrangement with Verizon to ▇▇▇▇ and collect Voice Information Services provider charges from Reconex’s Customers. 5.6 Either Party may request the other Party provide the requesting Party with non discriminatory access to the other party’s information services platform, where such platform exists. If either Party makes such a request, the Parties shall enter into a mutually acceptable written agreement for such access. 5.7 In the event Reconex exercises such option, Reconex will establish, at its own expense, a dedicated trunk group to the Verizon Information Service serving switch. This trunk group will be utilized to allow Reconex to route information services traffic originated on its network to Verizon.

  • Information Systems Acquisition Development and Maintenance a. Client Data – Client Data will only be used by State Street for the purposes specified in this Agreement.

  • Prevention Care Services and Early Detection Services See Prevention and Early Detection Services section for details. 0% Not Covered Must be performed by a certified home health care agency. 0% - After deductible Not Covered

  • Voice Information Service Traffic ‌ 5.1 For purposes of this Section 5, (a) Voice Information Service means a service that provides [i] recorded voice announcement information or [ii] a vocal discussion program open to the public, and (b) Voice Information Service Traffic means intraLATA switched voice traffic, delivered to a Voice Information Service. Voice Information Service Traffic does not include any form of Internet Traffic. Voice Information Service Traffic also does not include 555 traffic or similar traffic with AIN service interfaces, which traffic shall be subject to separate arrangements between the Parties. Voice Information Service Traffic is not subject to Reciprocal Compensation charges under Section 7 of the Interconnection Attachment. 5.2 If a Talk America Customer is served by resold Verizon dial tone line Telecommunications Service, to the extent reasonably feasible, Verizon will route Voice Information Service Traffic originating from such Service to the appropriate Voice Information Service connected to Verizon’s network unless a feature blocking such Voice Information Service Traffic has been installed. For such Voice Information Service Traffic, Talk America shall pay to Verizon without discount any Voice Information Service provider charges billed by Verizon to Talk America. Talk America shall pay Verizon such charges in full regardless of whether or not Talk America collects such charges from its Customer. 5.3 Talk America shall have the option to route Voice Information Service Traffic that originates on its own network to the appropriate Voice Information Service connected to Verizon’s network. In the event Talk America exercises such option, Talk America will establish, at its own expense, a dedicated trunk group to the Verizon Voice Information Service serving switch. This trunk group will be utilized to allow Talk America to route Voice Information Service Traffic originated on its network to Verizon. For such Voice Information Service Traffic, unless Talk America has entered into a written agreement with Verizon under which Talk America will collect from Talk America’s Customer and remit to Verizon the Voice Information Service provider’s charges, Talk America shall pay to Verizon without discount any Voice Information Service provider charges billed by Verizon to Talk America. Talk America shall pay Verizon such charges in full regardless of whether or not Talk America collects such charges from its own Customer.