How Long Must Audit Logs Be Retained?
Any electronically stored information that an entity collects, stores, and transmits that may identify a patient is considered electronic protected health information (ePHI). To protect their patients’ ePHI, a covered healthcare entity must implement hardware, software, and/ or procedural mechanisms that record and examine activity on the entity’s network. 45 CFR §164.312 (b). With almost all medical files being stored electronically today, audit logs are critical to an entity’s security [...]