This entry is part 9 of 26 in the series HIPAA Privacy-Security Reminders

Sounds pretty basic, but please assure me you're not sharing user IDs and passwords among members of your workforce. The HIPAA Security Rule requires Covered Entities and Business Associates to implement a "Unique User Identification" standard for systems holding electronic protected health information (ePHI). Unique User Identification is a "required" specification under the Access Control standard and should be employed for all information assets that create, receive, transmit and maintain ePHI. For members of the workforce, no sharing!

As the name implies, unique user identification refers to the use of a unique name or number to identify and track specific individuals handling ePHI.  Frequently referred to as “Logon name” or “User ID”, use of this unique name or number provides a means to verify the identity of the person using the system. An effective unique user identification practice ensures that system activity can be traced to a specific individual. Never share your user ID on any system as you would not like to be held responsible for someone else’s actions.

System Administrators should perform ongoing maintenance of user identification data. User identifications that are not associated with active workforce members (such as those of former or transferred members of the workforce) present an increased risk for abuse. User identifications provided to consultants and vendors should also be removed or disabled as soon as no longer needed. System Administrators may wish to temporarily disable accounts for workforce members leaving for extended periods with no need to access the system, such as medical/family leave or vacations.
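The maintenance described above can be run as a periodic reconciliation of system accounts against the workforce roster. The sketch below is an added example, not part of the original post; the record layout, status values and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Person:
    status: str                            # active | leave | transferred | terminated
    engagement_end: Optional[date] = None  # set for consultants and vendors

@dataclass
class Account:
    user_id: str
    owner: Optional[str]                   # roster key; None = no named individual
    enabled: bool = True

def review_accounts(accounts, roster, today):
    """Return {user_id: recommended action} for enabled accounts needing attention."""
    findings = {}
    for acct in (a for a in accounts if a.enabled):  # disabled accounts need no action
        person = roster.get(acct.owner) if acct.owner else None
        if person is None:
            # Shared or orphaned ID: activity cannot be traced to one individual.
            findings[acct.user_id] = "disable: not tied to one workforce member"
        elif person.status in ("terminated", "transferred"):
            findings[acct.user_id] = f"disable: owner {person.status}"
        elif person.engagement_end and person.engagement_end < today:
            findings[acct.user_id] = "disable: engagement ended"
        elif person.status == "leave":
            findings[acct.user_id] = "suspend: owner on extended leave"
    return findings

# Constructed sample data, not from any real system.
ROSTER = {
    "E100": Person("active"),
    "E101": Person("terminated"),
    "E102": Person("leave"),
    "V200": Person("active", engagement_end=date(2024, 1, 31)),
}
ACCOUNTS = [
    Account("jsmith", "E100"),
    Account("mlopez", "E101"),
    Account("akhan", "E102"),
    Account("vendor-pacs", "V200"),
    Account("frontdesk", None),            # shared login, no individual owner
    Account("oldtemp", "E999", enabled=False),
]

if __name__ == "__main__":
    for user_id, action in review_accounts(ACCOUNTS, ROSTER, date(2024, 3, 1)).items():
        print(f"{user_id}: {action}")
```

Feeding it an export from the directory service and the HR system in place of the sample data gives a worklist for each review cycle.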

What policies and procedures do you have in place to ensure you are compliant with this required implementation specification?

The complete HIPAA Privacy, Security and Breach regulations are here.


Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.