
Security and HIPAA

David Gorelick

We had a hospital staff meeting this week at which the main topic was compliance and security.  It was quite the lively discussion.  Large institutions are required to file audit reports to the regulators on a regular basis.  A computerized hospital system may have over 10,000 users accessing records every week.  There are elaborate software programs that can monitor activity and look for patterns, etc.  There are teams of employees whose sole responsibility is to monitor and handle all that.

I know there are many different logs and reports that EMRs offer; we can see who went where when, did what in which record, etc.  I have looked at the logs and activity reports - they are certainly helpful for legal purposes when a particular incident occurs, but are smaller practices (less than 25 providers, for example) doing proactive audits on a routine basis to monitor activity?  I think we would have to hire an FTE to try to do audits and look for patterns, inappropriate activity, etc.  What requirements are there for smaller practices on this issue?  Who has the resources to do this?

John Concannon

Dr. John Concannon Likes This. Can we insert a thumbs up sign here?