question

Matt Maurer asked ·

How can I track and audit logins for HIPAA purposes

I need to know who logs into my RingCentral account and when, and what messages (in this case, faxes) they access for HIPAA purposes.

I already have the conduit enabled and understand that data is deleted after 30 days; the only thing left is to log access records so that I can audit it in the future.

How can I generate reports around who logged in, when, and what messages they accessed & method of access?

I've been thrilled by RC's HIPAA work to date, this is just the final piece.

Thanks!

mike answered ·
Matt, our system does maintain session logs, which might work for you. It basically shows the time someone logs in, logs out, duration and the IP address they are logging in from. Unfortunately these are not accessible from the user interface, and you'll have to request these when needed.

Matt Maurer answered ·
Thanks Mike, two follow-ups: First, right now my account has 1 set of login credentials (our fax number and password); is there a way to add users simply in order to track specifically who logs in / out / duration and IP? And finally, could we also see what they did? Like if they viewed a fax or something? It's ok that I can't access them from the UI, it would only be for auditing purposes.

Best

Unfortunately, our system doesn't allow multiple login credentials for a single phone number. So, you can't really tell who the user is because the only identifier is an IP address, which of course doesn't guarantee who the user is. The report is not detailed enough to tell what the user did. Here's a sample report from a test account. The first column, "web", is the user logging in, and of course "incoming fax" is an actual fax received. The Caller ID column shows the number the fax was sent from or the user's IP address that logged in to the account.


mike answered ·
Hi Matt, just wanted to let you know I'm looking into this for you.

Mike