... person or entity received the individual’s information, then it is in both the individual’s and covered entity’s interests to limit the accounting to the relevant information. Additionally, ... protected health information. ’’ Therefore, systems with designated record set information should already be configured to record activities such as when users access information. Additionally, ... and local government entities that are covered entities under the HIPAA Privacy and Security Rules. Such entities should already be maintaining access logs with the information necessary...