Log management is the practice of recording and reviewing the logs of servers, workstations, firewalls, and other network equipment. This is a vital component of HIPAA compliance because the logs are the record of everything that happens on these devices. In the event of a security breach, the logs on a server may contain the answer as to how the server was accessed, who the bad actor was, and what damage was done.

The problem with log management is that most devices eventually overwrite their own logs. If a breach is not discovered until months after the initiating event, the logs may be long gone and impossible to recover. That makes it difficult to determine the scope or exact timing of an incident. In addition, not having those logs is a HIPAA violation. Therefore, the logs must be archived to enable proper investigation.

For any healthcare practice that uses network-connected devices, proper log management should include periodic manual or automated reviews to check the logs for security incidents. If this is handled properly, it can alert your IT staff to a problem before other evidence surfaces via workstation problems. Considering that many security breaches are not discovered until long after they have occurred, proper log review is vital for best-in-class cyber security. Archiving the logs so that they can be referenced is the second part of the best practice, as these logs are the best evidence for analysis in case of a security breach.