HIPAA compliant auditing system for medical images.

As an official regulation for healthcare privacy and security, Health Insurance Portability and Accountability Act (HIPAA) mandates health institutions to protect health information against unauthorized use or disclosure. One such method proposed by HIPAA Security Standards is audit trail, which records and examines health information access activities. HIPAA mandates healthcare providers to have the ability to generate audit trails on data access activities for any specific patient. Although current medical imaging systems generate activity logs, there is a lack of formal methodology to interpret these large volumes of log data and generate HIPAA compliant auditing trails. This paper outlines the design of a HIPAA compliant auditing system (HCAS) for medical images in imaging systems such as PACS and discusses the development of a security monitoring (SM) toolkit based on some of the partial components in HCAS.