Case Studies Template: Creating an Audit Trail Memo Module 4 Written Assignment Course: Health Information Systems/HIM 3012 Term: Spring Semester 2021 Instructor: Pam Greenstone, MEd, RHIA Learning Objective: Recommend audit trail procedures for EHR data security monitoring. Scenario: Need for Audit Trail Monitoring Case Study: A hospital in Hollywood, CA that often treats celebrities has had an increasing number of anonymous calls to their HIPAA Hot Line regarding reported inappropriate access of medical records of celebrities by nursing staff and other ancillary staff. The Privacy Officer is concerned about the increasing number of calls and feels that a team needs to be created to investigate the breaches. In addition, the Privacy Officer feels that more aggressive monitoring of access of patient information needs to take place on an ongoing basis. Of note: The audit trail information available from Information Services at this point is very weak and do not contain the proper information to perform a thorough investigation. Perform a web search on the type of information that should be contained in an appropriate audit trail and who should be responsible for monitoring this information. Utilizing appropriate memo format make a recommendation to the Privacy Officer indicating which departments should be included on the Audit Trail Investigative Team, how often the team will meet, what standard items should be included on the daily audit trail, how often these audit trails should be reviewed, and how the team will communicate their regular audit findings back to the Privacy Officer. Also recommend that the facility adopt a standardized policy and procedure for performing all data security audits. Please cite your references as appropriate. Tips for Completing the Audit Trail Monitoring Memo: 1) Review the complete instructions for this assignment in the Module 4 Lecture 1. 2) Perform a web search on the type of information that should be contained in an appropriate audit trial and who should be responsible for monitoring the audit trail. 4) Recommend to the Privacy Officer which departments should be included in the Audit Trail Investigative Team, how often the team will meet, what standard items should be included on the daily audit trail, how often these audit trails will be reviewed and how the team will communicate findings to the Privacy Officer on a regular basis. 5) Recommend that the facility adopt a standardized policy and procedure for performing all data security audits. 6) Document this information in appropriate memo format. Remember to utilize correct memo formatting as noted in the toolbox activity. Outcome: You will have a complete memo recommending to the Privacy Officer all the components listed above. You will be able to outline the components of an audit trail and define how an audit trail can be utilized within a healthcare organization.

Audit Trail Memo Grading Rubric

Content	Points Possible	Students Score	Comments
Memo Format Including Intro, Content & Wrap Up Paragraph -Also include statement that standardized P&P needs to be developed -Memo sent to Privacy Officer	4
Recommendations as to who should be on the Audit Trail Investigative Team : At least four different departments represented on the team. (Specific depts. should be named)	4
How often the team meets must be at least monthly	1
How often Audit Trails will be reviewed	1
How team will communicate their regular findings to the Privacy Officer- type of communications, etc.	2
Data Elements Review PPT and Case Study	5
References (Must be included)	1
Grammar/Sentence Structure (Up to 2 pts can be deducted)	2
Total Score:	20

Comments: