Data integrity requirements for compliance

[David Grisham <DGrisham () SALUD UNM EDU>]

I would like to step away from the interesting password discussion for a minute & ask how those of you who are required 
to show data integrity to regulatory bodies are doing so. Especially protection from unauthorized alterations or 
destruction.
I am trying to write a procedure that all of our ePHI data stewards/owners can understand, achieve and I can enforce.  
Checksums, hash values, etc.  do not seem to be an option.  Has anybody else tackled this issue in an enterprise that 
must keep the databases running to provide patient care?
 
 
 
Cheers--grish
David D. Grisham, Ph.D.,  CISM, CHS, CHSP
Manager, IT Security,
UNM Hospitals, Information Technology
1650 University Blvd,  S.500, Albuquerque, NM 87102