User Activity Monitoring
User activity monitoring involves log collection and analysis to keep track of administrator and end-user activity, as well as a history of system and application access. The goal of user activity monitoring is to detect suspicious activity and take action as well as provide forensics teams with a road map if a breach occurs within the organization.
Security experts say activity monitoring is most effective if it is coupled with security policies to put context with user activities. Someone also needs to review the logs. HIPAA specifically requires procedures to regularly review logs of system activity, including access reports and security incident tracking reports. It also requires systems that record and examine activity in information systems that contain or use electronic protected health information.