SSCP Security Operations and Administration • Set 2
SSCP Security Operations and Administration Practice Test 2 — 15 questions with explanations. Free, no signup.
You work for a hospital that has recently transitioned to an electronic health record (EHR) system. The system stores protected health information (PHI) and must comply with HIPAA. The hospital's security policy requires that all access to PHI be logged and that any unauthorized access be detected promptly. The IT department has implemented logging on the EHR system, but the security team is overwhelmed by the volume of logs and cannot review them in a timely manner. Additionally, there have been incidents where employees accessed patient records without a legitimate need, but these were only discovered months later during random audits. The hospital needs to improve its detection capabilities. Which of the following is the most effective solution?