I work in an environment where we have multiple DBAs managing a large Oracle Database. We also have PHI data in the database, and part of the DBA function is to create views for users that are being provided access to that data.

The question of monitoring has come up because of the DBAs' access to the data, their ability to view it and even do a dump of the database tables that contain the PHI data. Mind you that we are also required to comply with moderate level control for PHI data under a government mandate, which has a non-repudiation element. The DBAs can also use third-party tools like AquaData Studio to connect to the database directly through the ODBC connection, bypassing the main application that provides users access to the data.

Question: How can we track access and actions performed on the data to a single DBA in an environment where all the DBAs have access to the sys database user account? I heard Guardium Security is a possibility, but I heard there were issues with it as well.