Tip: Create unique user identification
Compliance Monitor, June 3, 2009
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Organizations must control access to protected health information (PHI) by implementing technical policies and procedures for information systems that maintain electronic PHI (ePHI).
To ensure only authorized personnel have access to ePHI, assign a unique name or number to identify and track user identity (ID). Unique user IDs are essential to audit and hold people accountable. Each user should be granted specific privileges linked to his or her user ID through the associated authorization process. This allows organizations to track each user’s actions and to hold users accountable for all activity occurring under their user ID.
- If your organization has shared user IDs, make it a high priority to replace them with unique IDs for each user.
- In facilities where a constantly changing group of people uses a single workstation, such as a nursing station, logon time is important. If your organization requires a network logon and a separate logon, a controlled, generic user ID at the application level can be used. However, the privileges of the generic network user ID should be limited.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- Q&A: Acute respiratory failure diagnosis does not require intubation
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Oxygen Cylinder Storage Requirements
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Searched