Monitor activity for HIPAA compliance

Use a Windows Event Log service and Windows Applications and Services Log service to monitor for HIPAA compliance on devices.

Both are capable of monitoring the IDs listed below. The services are event based. This means that when they encounter the ID in the log, it will transition the service to failed and then returns to normal. If you create notification profiles for the specific instance of this service, you can generate an email on the specific event ID and have the sent to appropriate personal.

You need to understand what IDs would fall into the description of the compliance.

ID Reason
4614 A notification package has been loaded by the Security Account Manager.
4615 Invalid use of LPC port.
4616 The system time was changed.
4618 A monitored security event pattern has occurred.
4621 Administrator recovered system from CrashOnAuditFail.
4622 A security package has been loaded by the Local Security Authority.
4624 An account was successfully logged on.
4625 An account failed to log on.
4626 User/Device claims information.
4627 Group membership information.
4634 An account was logged off.
4646 IKE DoS-prevention mode started.
4647 User initiated log off.
4648 A logon was attempted using explicit credentials.
4649 A replay attack was detect.