164.312(a)(2) Technical Safeguards

Audit Controls


Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

Implementation Guidance

Implement comprehensive audit logging including user activities, system access, data modifications, and security events.

Required Documentation

Audit control policies, logging procedures, audit review procedures, audit retention policies.

Best Practices

Implement comprehensive audit logging, regular audit review, proper audit retention, effective audit analysis.

Common Violations

Inadequate audit logging, insufficient audit review, poor audit retention, lack of audit analysis.

Testing Procedures

Review audit control policies, test audit logging, verify audit review procedures, test audit retention.


Quick Facts

Control ID: 164.312(a)(2)
Category: Technical Safeguards
Risk Level: High
Difficulty: Moderate
Est. Cost: Medium
Timeframe: 2-4 months
Last Updated: Mar 6, 2026
