System Logging. The system must maintain an automated audit trail which can identify the user or system process which initiates a request for DBH PHI or PI, or which alters DBH PHI or PI. The audit trail must be date and time stamped, must log both successful and failed accesses, must be read only, and must be restricted to authorized users. If DBH PHI or PI is stored in a database, database logging functionality must be enabled. Audit trail data must be archived for at least ten (10) years from the final date of the contract period or from the date of completion of any audit, whichever is later.
Appears in 9 contracts
Sources: Contract, Contract for Mental Health Services, Contract