This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Access Control Unique User ID

Reference: ยง 164.308(a)(2)(i)
Last Updated: October 25, 2024

Purpose

The purpose is to establish the policy and procedure to uniquely identify and track one workforce member from all others, for the purpose of access control to all networks, systems and applications that contain Electronic Protected Health Information (ePHI) and the monitoring of access to the aforementioned networks, systems and applications.

Policy

It is the responsibility of the HIPAA Security Officer to provide all team members who require access to any network, system or application that accesses, transmits or stores ePHI a unique user identification.

Every staff member authorized to use our information systems shall be given a unique user name and selects a password known only to the staff member. Staff members must use their user name and password when using the information system and accessing PHI.

Procedure

The Security Officer or designated representative shall assign a Unique User ID and Password to each team member that requires the same as soon as possible after the same has been cleared to such access.

Team Members given access to any system that stores, receipts or transmits ePHI must:

  • Ensure assigned user ID is appropriately protected and only used for legitimate access to networks, systems, or applications.
  • Not allow any other user to use their unique user ID or password.
  • Ensure user ID is not documented, written or otherwise exposed in an insecure manner.
  • Report a security incident to the Security Officer in a timely manner if believed their user ID has been compromised.

Note

Anonymous access, including the use of guest and public accounts, to any information system is prohibited.

Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!
overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram