Difference between revisions of "Auditable events and tamper-resistance (MU3)"
Bradymiller (talk | contribs) |
Line 1: | Line 1: | ||
:Regulation text: | :Regulation text: | ||
`§170.315 (d)(2) Auditable events and tamper-resistance—`Record actions. Technology must be able to: | ```§170.315 (d)(2) Auditable events and tamper-resistance—`Record actions. Technology must be able to: | ||
Record actions related to electronic health information in accordance with the standard specified in §170.210(e)(1); | Record actions related to electronic health information in accordance with the standard specified in §170.210(e)(1); | ||
Record the audit log status (enabled or disabled) in accordance with the standard specified in §170.210(e)(2) unless it cannot be disabled by any user; and | Record the audit log status (enabled or disabled) in accordance with the standard specified in §170.210(e)(2) unless it cannot be disabled by any user; and | ||
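Review bot: the opening delimiter on the first changed line goes from a single backtick to a triple backtick, but the single backtick before "Record actions." on the same line is left in place, so the block now opens with three backticks and has an unmatched one mid-line. Remove that stray backtick, and put the section heading "§170.315 (d)(2) Auditable events and tamper-resistance" on its own line after the opening delimiter so the heading and the first provision are not run together.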
Line 7: | Line 7: | ||
When disabling the audit log is permitted. For each capability specified in paragraphs (d)(2)(i)(A) through (C) of this section that technology permits to be disabled, the ability to do so must be restricted to a limited set of users. | When disabling the audit log is permitted. For each capability specified in paragraphs (d)(2)(i)(A) through (C) of this section that technology permits to be disabled, the ability to do so must be restricted to a limited set of users. | ||
Audit log protection. Actions and statuses recorded in accordance with paragraph (d)(2)(i) of this section must not be capable of being changed, overwritten, or deleted by the technology. | Audit log protection. Actions and statuses recorded in accordance with paragraph (d)(2)(i) of this section must not be capable of being changed, overwritten, or deleted by the technology. | ||
Detection. Technology must be able to detect whether the audit log has been altered.` | Detection. Technology must be able to detect whether the audit log has been altered.``` | ||
:* | :* |
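Review bot: the "When disabling the audit log is permitted" and "Audit log protection" lines cite paragraphs (d)(2)(i)(A) through (C) and (d)(2)(i), but the quoted text carries no paragraph designations, so a reader cannot tell which provisions those references point to; consider restoring the regulation's paragraph labels in this block. The closing triple backtick on the Detection line is also attached to the end of the sentence rather than placed on its own line.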
Revision as of 07:17, 8 October 2020
- Regulation text:
```
§170.315 (d)(2) Auditable events and tamper-resistance—

Record actions. Technology must be able to:
    Record actions related to electronic health information in accordance with the standard specified in §170.210(e)(1);
    Record the audit log status (enabled or disabled) in accordance with the standard specified in §170.210(e)(2) unless it cannot be disabled by any user; and
    Record the encryption status (enabled or disabled) of electronic health information locally stored on end-user devices by technology in accordance with the standard specified in §170.210(e)(3) unless the technology prevents electronic health information from being locally stored on end-user devices (see paragraph (d)(7) of this section).

Default setting. Technology must be set by default to perform the capabilities specified in paragraph (d)(2)(i)(A) of this section and, where applicable, paragraphs (d)(2)(i)(B) and (d)(2)(i)(C) of this section.

When disabling the audit log is permitted. For each capability specified in paragraphs (d)(2)(i)(A) through (C) of this section that technology permits to be disabled, the ability to do so must be restricted to a limited set of users.

Audit log protection. Actions and statuses recorded in accordance with paragraph (d)(2)(i) of this section must not be capable of being changed, overwritten, or deleted by the technology.

Detection. Technology must be able to detect whether the audit log has been altered.
```