Medium

Policy Statement: The North Dakota Health Information Network (NDHIN) shall conduct audits of health information accessed and used by Authorized Users to identify inappropriate access, verify compliance with access controls to assure confidentiality, verify appropriate use of Individually Identifiable Health Information, and assure compliance with HIPAA Rules and NDHIN policies.

NDHIN Audits

The NDHIN shall periodically audit user authentication logs. Unusual findings must be investigated and resolved in a timely manner.

The NDHIN shall audit Break the Seal on a monthly basis, scan for anomalies, and audit, at a minimum, 10 authorized users access and review findings with Participants.

The NDHIN shall conduct periodic audits of Participant usage of NDHIN and upon request, shall provide the Participant with audit reports.

The NDHIN may perform other Participant and Authorized User audits as it determines necessary.

Unauthorized access, use, or disclosure must be addressed by the Health Information Technology (HIT) Director, or designee, by taking immediate and appropriate corrective measures including the NDHIN Enforcement policy.