The IT department/vendor should be sending the HIPAA Compliance Officer monthly reports. These do not need to be printed and may be stored digitally. If your IT department does not send any reports, the HIPAA Compliance Officer must know where these reports are located.
Monthly reports from your IT department/vendor will depend on the system they use.
Here are some examples of what to request:
Access logs (if they provide this service, or you can check within your EHR)
Asset management summary
Device health report
Network audit report
Software list
Monthly IT reports will help you to document your “recognized security practices”. These reports can be added under Uploads on your Profile page. Click “Add New”, using the drop down menu, select IT Reports. When naming your files be sure to start with the Year, then month and date. This will ensure your reports are in chronological order.
For example: 23 0601 Access logs
23 0601 Network audit report
