REQ.085 Allow session history queries
This document contains the details of the security requirements related to the definition and management of Logs in the organization. This requirement establishes the importance of allowing different consults in log history for authorized users such as session consults.
Requirement
System must allow authorized users the inspection of their own session history.
References
-
HIPAA Security Rules 164.308(a)(1)(ii)(D): Information System Activity Review: Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.