HIPAA compliant audit trail in FileCloud

Health Insurance Portability and Accountability Act (HIPAA) mandates security and privacy standards for health information. Everyday employees within your organization end up accessing and working on multiple files and folders within your network. HIPAA requires that you provide an audit control to record and examine their activity.

Did you know when you use FileCloud as your enterprise File Storage and Access solution you automatically get HIPAA compliant audit trail?

Yes, FileCloud monitors and records each operation on data stored in FileCloud.

FileCloud audit support identifies and records who (Username) did what (access, modify, delete, add etc) to what data (Files, Folders, User List etc), when (date and timestamp) and how (Web, mobile,  Sync Client, Drive etc).

Additionally, FileCloud admin website facilitates administrator to access the audit trail.

How to enable audit trail?

TONIDOCLOUD_AUDIT_LOG_LEVEL parameter in the FileCloud General Configuration can be set as follows to suit your requirement.

OFF – No activity is logged.
REQUEST – Incoming requests are logged.
FULL – Both incoming requests and outgoing response are logged.

How to view audit trail?

In the admin website, click the Audit link on the left menu to view the audit screen.  The audit log can be filtered by date range, username and operation.  The common operations include: create account, login, upload, getfilelist (browse), create folder, delete,  download file, share file or folder. However, you can view audit of all operations by choosing all.  The audit log results can be exported to a CSV file. The audit log will provide username, IP address, user agent, log date and time stamp, how the resource was accessed, complete request and response in JSON format.

 

The request and response data stored in JSON format in FileCloud can be viewed easily in any json parser such as http://json.parser.online.fr/

For more information on audit support in FileCloud you can review our support site

6 Responses

  1. Matt S says:

    This is really nice to see. However, in order to be HIPAA compliant the software must encrypt sensitive data & decrypt on the fly. Is this something you will look into? If this is done, FileCloud will likely be near full compliance for medical office use.

  2. Ethan Hall says:

    Matt, FileCloud support dynamic data encryption on the fly when you use HTTPS instead of HTTP on your servers. However, data encryption at rest is in our near term road map.

  3. Alex King says:

    Can you provided any updates regarding data encryption at rest on the server? Having encryption on the fly or in transmit with SSL is awesome but a niche im trying to fill in my enterprise will likely data to be encrypted at rest as well.

  4. tony says:

    any update with encryption at rest?

  5. Ross says:

    When will encryption at rest be available? Is it in the next release and is there a date for that release?

  6. madhan says:

    Yes, we are planning for FC 9.0, timeframe is Mid April.

Leave a Reply