Access Control Unique User ID

The purpose is to establish the policy and procedure to uniquely identify and track one workforce member from all others, for the purpose of access control to all networks, systems and applications that contain Electronic Protected Health Information (ePHI) and the monitoring of access to the aforementioned networks, systems and applications.

It is the responsibility of the HIPAA Security Officer to provide all team members who require access to any network, system or application that accesses, transmits or stores ePHI a unique user identification.

Every staff member authorized to use our information systems shall be given a unique user name and selects a password known only to the staff member. Staff members must use their user name and password when using the information system and accessing PHI.

Procedure

The Security Officer or designated representative shall assign a Unique User ID and Password to each team member that requires the same as soon as possible after the same has been cleared to such access.

Team Members given access to any system that stores, receipts or transmits ePHI must:

• Ensure assigned user ID is appropriately protected and only used for legitimate access to networks, systems, or applications.
• Not allow any other user to use their unique user ID or password.
• Ensure user ID is not documented, written or otherwise exposed in an insecure manner.
• Report a security incident to the Security Officer in a timely manner if believed their user ID has been compromised.

Note

Anonymous access, including the use of guest and public accounts, to any information system is prohibited.