Audit Controls: STANDARD § 164.312(b)
The next standard in the Technical Safeguards section is Audit Controls. This standard has no implementation specifications. The Audit Controls standard requires a covered entity to:
"Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information."
§164.308(a)(1)(ii)(D): Security Management Process - Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
Dept of Health & Human Service
HIPAA Security Series pdf