With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place. According to hitconsultant.net, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best place to begin with readiness assessment followed by an exercise to determine roles and responsibilities of all employees in their departments, called a role-based access control matrix.
Access Control/Governance involves limiting restricted information to only those individuals who absolutely must have access to it. The Security Rule defines user access as “the ability or means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” Access control/ Governance leads to improved organizational value and information security, and reduces organizational risk and data exposure/ breach.
A word of caution: Changing and evolving job roles are constant, particularly in the healthcare setting where incomplete and fragmented roles exist. Be mindful to re-evaluate your role descriptions and protocols on a regular basis.