This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Workforce Security: Termination Procedures (Addressable)

Reference: 45 CFR § 164.308(a)(6)
Last Updated: July 5, 2023


Goal: Implement procedures for terminating access to electronic protected health information when the employment of a workforce member ends or as required by determinations made as specified in the Security Rule.

The purpose of the Termination Procedures is to secure data from those who are no longer authorized access.


Procedure: The Security Manager must ensure that the following steps are completed prior to the release of the employee’s final payment.

  • Revoke all of that employee's authorization immediately; get back keys, smart cards, tokens, badges, and the like. Consider changing the locks to the facility and/or computer room.
  • Remove all access permissions to critical/sensitive areas, such as telephone closets, computer rooms, and classified areas.
  • Delete the employee's account and password from all systems and networks.
  • Retrieve all hardware, software, and documentation, including government equipment used at home.
  • Save the employee's files in case they're needed for proof in case you discover wrongdoing.
  • Replace locks or have combinations changed (if required).
  • Perform periodic audits:
    • Verify timeliness of prior actions.
    • Review all suspended accounts activity and report any activity after termination date.
  • Report completion of termination actions to Management.

Note: Timing for these actions may vary depending on termination classification.

  • Voluntary Termination: Access may be removed thru a period of weeks as the employee releases responsibility to another person or access is no longer needed.
  • Involuntary Termination: Access may be removed prior to notification to the employee of the termination if coordinated with immediate supervisor. All access shall be removed prior to employee leaving the premises.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram