RSA Admin

Proving your Reports

Discussion created by RSA Admin Employee on Apr 2, 2008
Latest reply on Jul 11, 2008 by RSA Admin

Keep in mind...


When dealing with HIPAA compliance and auditors, one thing we quickly discovered.  After an extensive approach to create alerts and reports that pertained to HIPAA, we found that the auditors liked the reports but couldn't accept them due to the fact that we had no way of proving that anyone actually read them.  That caused us to put into practice a process by which our Compliance Officer had to sign-off on them before they were considered complete.  This is an acceptable practice that is still in effect many audits later.