Organizations are responsible for keeping their clients’ records safe, and they do so in part by conducting security audits that review audit trails and logs. According to Thompson (2018), audit trails are a set of computerized records that show people’s activities in an information system in chronological order. These activities include sign-ins, sign-outs, and file access. Conducting the reviews is important because they help detect unauthorized access to clients’ Protected Health Information (PHI) and inculcate a culture of responsibility and accountability. When reviewing the audit trails, triggers tend to be valuable aids (Walsh & Miaoulis, 2014). Therefore, in conducting the review, I will have to implement triggers to help identify potential unauthorized access.
Triggers automatically capture information about suspicious activities, such as alteration of the audit trails. Most auditors prefer them to manual methods, which take a lot of time. Auditors often use triggers in database servers to ensure and improve the integrity of the records. For example, when there is suspicious activity on electronic PHI (ePHI), the triggers can verify whether the activity aligns with HIPAA and the organization’s rules in terms of authorization. Thompson (2018) defines authorization as granting permission to access and disclose private information according to the HIPAA privacy rules. Not everyone in an organization has the same level of access to PHI. The auditing triggers will help answer the following questions: who altered the data, did they have the permission or authority, what was the date and time of access or alteration, and which system did they use to access the data?
The triggers I would propose to use in the review of the audit trails fall within the following categories: Data Definition Language (DDL), Data Manipulation Language (DML), Common Language Runtime (CLR), and Logon triggers. The auditing triggers in the DDL category are CREATE, ALTER, and DROP, among others. The ones in the DML category include INSERT, UPDATE, and DELETE. Triggers are programming languages that I will write and execute in databases to collect the required information from the audit trail. For example, when I trigger the INSERT command, the execution will return the information about the system where the insert was conducted and the user name of the suspect.
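As an added illustration (not part of the original essay), the following T-SQL sketch shows a DML audit trigger that records who changed a row, when, from which system, and whether the login held the expected role. It assumes Microsoft SQL Server; the tables `dbo.PatientRecord` and `dbo.PhiAudit` and the role `phi_editor` are hypothetical names constructed for this example.

```sql
-- Constructed schema: dbo.PatientRecord stands in for a table holding ePHI.
CREATE TABLE dbo.PatientRecord (
    PatientId INT           NOT NULL PRIMARY KEY,
    FullName  NVARCHAR(200) NOT NULL,
    Diagnosis NVARCHAR(400) NULL
);
GO
-- Audit table: one row per changed patient row (hypothetical layout).
CREATE TABLE dbo.PhiAudit (
    AuditId      BIGINT IDENTITY(1,1) PRIMARY KEY,
    EventTimeUtc DATETIME2(3)  NOT NULL DEFAULT SYSUTCDATETIME(), -- when
    ActionType   VARCHAR(6)    NOT NULL,                          -- what
    PatientId    INT           NOT NULL,                          -- which record
    LoginName    NVARCHAR(128) NOT NULL,                          -- who
    HostName     NVARCHAR(128) NULL,   -- which system (client-supplied value)
    AppName      NVARCHAR(128) NULL,
    Authorized   BIT           NOT NULL -- held the phi_editor role?
);
GO
-- Fires once per statement; inserted/deleted hold every affected row.
CREATE TRIGGER dbo.trg_PatientRecord_Audit
ON dbo.PatientRecord
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.PhiAudit
        (ActionType, PatientId, LoginName, HostName, AppName, Authorized)
    SELECT
        CASE WHEN i.PatientId IS NOT NULL AND d.PatientId IS NOT NULL THEN 'UPDATE'
             WHEN i.PatientId IS NOT NULL THEN 'INSERT'
             ELSE 'DELETE' END,
        COALESCE(i.PatientId, d.PatientId),
        ORIGINAL_LOGIN(),   -- login that opened the session, even under EXECUTE AS
        HOST_NAME(),
        APP_NAME(),
        CASE WHEN IS_MEMBER('phi_editor') = 1 THEN 1 ELSE 0 END
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON d.PatientId = i.PatientId;
END;
GO
-- Review query: changes by logins outside the editor role, newest first.
SELECT EventTimeUtc, ActionType, PatientId, LoginName, HostName
FROM dbo.PhiAudit
WHERE Authorized = 0
ORDER BY EventTimeUtc DESC;
```

`HOST_NAME()` and `APP_NAME()` are reported by the client and can be set to arbitrary values, so a reviewer should treat them as supporting detail and rely on the login name and timestamp as the primary evidence.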
Another significant trigger I will present for approval is the ApexSQL trigger. It is a database-specific auditing tool because it only applies to audit trails stored in SQL databases. The trigger captures data and information alterations that have occurred on the database, including insights on who made the alterations, the data that was affected (in our case, the clients’ PHI), when it was made, and so on.
The following triggers will help reconstruct events that might lead to suspicion and risk to clients’ data. These events include accessing the cardholder’s data, all activities that any person with root or administrative privileges takes, access to audit trails, and invalid logical access attempts. Others are the use of identification and authentication methods and the creation and deletion of system-level objects.
In conclusion, auditing is a mandatory process that every covered entity and business associate should conduct. The auditing process involves reviewing audit trails. Most auditors prefer to reduce the amount of work in reviewing pages and pages of audit trail reports by using triggers. The ten triggers we have discussed are valuable in identifying suspicious events that could lead to illegal access and transfer of clients’ data.
Thompson, L. R. (2018). Introduction to health information privacy & security (2nd ed.). AHIMA Press.
Walsh, T., & Miaoulis, W. (2014). Privacy and security audits of electronic health information (2014 update). Journal of AHIMA, 85(3), pp. 54-59. https://library.ahima.org/PB/PrivacySecurityAudits#.YtQVmXZBxEY