Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. • Application must support the identification of the nature of each access and/or modification through the use of logging. • Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in a clinical or operational process. • All audit logs must be protected from human alteration. • Access to logs must be limited to authorized users. • The application must employ basic query tools and reports to easily search logs. • OCHCA record retention policies must be followed. Currently OCHCA requires that this period be at least six years from the time the record was initiated. • Logging and auditing functionality must include the following: ♦ Record of who did what to which object, when and on which system. ♦ Successful/unsuccessful log-in and log-out of users. ♦ Add, modify and delete actions on data/files/objects. ♦ Read/view actions on data classified as restricted/confidential. ♦ Changes to user accounts or privileges (creation, modification, deletion). ♦ Switching to another users access or privileges after logging in (if applicable).
Audit Capabilities. 22 1. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, 23 unauthorized or unintended changes to application.
Audit Capabilities. 5 a. Audit and logging capabilities will permit HCA to identify, and possibly reverse, 6 unauthorized or unintended changes to data resulting from error or misconduct.
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. County of Orange Health Care Agency Page 41 MA-042-17011367 • Application must support the identification of the nature of each access and/or modification through the use of logging. • Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in a clinical or operational process. • All audit logs must be protected from human alteration. • Access to logs must be limited to authorized users. • The application must employ basic query tools and reports to easily search logs. • OCHCA record retention policies must be followed. Currently OCHCA requires that this period be at least six years from the time the record was initiated. • Logging and auditing functionality must include the following: ♦ Record of who did what to which object, when and on which system. ♦ Successful/unsuccessful log-in and log-out of users. ♦ Add, modify and delete actions on data/files/objects. ♦ Read/view actions on data classified as restricted/confidential. ♦ Changes to user accounts or privileges (creation, modification, deletion). ♦ Switching to another users access or privileges after logging in (if applicable).
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. • Application must support the identification of the nature of each access and/or modification through the use of logging. • Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken during operational process. County of Orange Health Care Agency 40 MA-042-16011679 Environmental Health Data Management System • All audit logs must be protected from human alteration. • Access to logs must be limited to authorized users. • The application must employ basic query tools and reports to easily search logs. • Logging and auditing functionality must include the following: ♦ Record of who did what to which object, when and on which system. ♦ Successful/unsuccessful log-in and log-out of users. ♦ Changes to user accounts or privileges (creation, modification, deletion).
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. • Application must support the identification of the nature of each access and/or modification through the use of logging. • Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in a clinical or operational process. • All audit logs must be protected from human alteration. • Access to logs must be limited to authorized users. • The application must employ basic query tools and reports to easily search logs. • OCHCA record retention policies must be followed. Currently OCHCA requires that this period be at least six years from the time the record was initiated. • Logging and auditing functionality must include the following: ♦ Record of who did what to which object, when and on which system. ♦ Successful/unsuccessful log-in and log-out of users. ♦ Add, modify and delete actions on data/files/objects. ♦ Read/view actions on data classified as restricted/confidential. ♦ Changes to user accounts or privileges (creation, modification, deletion). ♦ Switching to another users access or privileges after logging in (if applicable). Protection from Malicious Code For cloud hosted solutions, vendors must utilize antivirus/antispyware software on servers and monitor to prevent malicious code which may lead to a compromise of OCHCA’s data. • For local hosted solutions, vendors must ensure that the application appropriately supports the use of antivirus/antispyware software. • Remote Support Functionality • Provider must conform to OCHCA Vendor Remote Access Policy.
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. • Application must support the identification of the nature of each access and/or modification through the use of logging. • Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in a clinical or operational process. • All audit logs must be protected from human alteration. • Access to logs must be limited to authorized users. • The application must employ basic query tools and reports to easily search logs. DocuSign Envelope ID: 32AC7F38-40B4-4FD7-9103-57D01A9AA5C7 • OCHCA record retention policies must be followed. Currently OCHCA requires that this period be at least six years from the time the record was initiated. • Logging and auditing functionality must include the following: ♦ Record of who did what to which object, when and on which system. ♦ Successful/unsuccessful log-in and log-out of users. ♦ Add, modify and delete actions on data/files/objects. ♦ Read/view actions on data classified as restricted/confidential. ♦ Changes to user accounts or privileges (creation, modification, deletion). ♦ Switching to another users access or privileges after logging in (if applicable).
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. Application must support the identification of the nature of each access and/or modification through the use of logging. Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in a clinical or operational process. All audit logs must be protected from human alteration. Access to logs must be limited to authorized users. The application must employ basic query tools and reports to easily search logs. OCHCA record retention policies must be followed. Currently OCHCA requires that this period be at least six years from the time the record was initiated. County of Orange, Health Care Agency Software Maint. & Data Hosting Services Page 41 of 50 MA-042-21010508 File Folder: C028362 Logging and auditing functionality must include the following: Record of who did what to which material object, when and on which system. Successful/unsuccessful log-in and log-out of users. Add, modify and delete actions on material data/files/objects. Read/view actions on data classified as restricted/confidential. Changes to user accounts or privileges (creation, modification, deletion). Switching to another users access or privileges after logging in (if applicable).
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. Application must support the identification of the nature of each access and/or modification through the use of logging. Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken in a clinical or operational process. All audit logs must be protected from human alteration. Access to logs must be limited to authorized users. The application must employ basic query tools and reports to easily search logs. OCHCA record retention policies must be followed. Currently OCHCA requires that this period be at least six years from the time the record was initiated. Logging and auditing functionality must include the following: Record of who did what to which material object, when and on which system. Successful/unsuccessful log-in and log-out of users. Add, modify and delete actions on material data/files/objects. Read/view actions on data classified as restricted/confidential. Changes to user accounts or privileges (creation, modification, deletion). Switching to another users access or privileges after logging in (if applicable).
Audit Capabilities. Auditing and logging capabilities will permit HCA to identify, and possibly reverse, unauthorized or unintended changes to application. Application must support the identification of the nature of each access and/or modification through the use of logging. Application must employ audit capabilities to sufficiently track details that can establish accountability for each step or task taken during operational process. All audit logs must be protected from human alteration. Access to logs must be limited to authorized users. The application must employ basic query tools and reports to easily search logs. Logging and auditing functionality must include the following: Record of who did what to which object, when and on which system. Successful/unsuccessful log-in and log-out of users. Changes to user accounts or privileges (creation, modification, deletion).
