Corporate Compliance

Tip: Create unique user identification

Compliance Monitor, June 3, 2009

Organizations must control access to protected health information (PHI) by implementing technical policies and procedures for information systems that maintain electronic PHI (ePHI).

To ensure only authorized personnel have access to ePHI, assign a unique name or number to identify and track user identity (ID). Unique user IDs are essential to audit and hold people accountable. Each user should be granted specific privileges linked to his or her user ID through the associated authorization process. This allows organizations to track each user’s actions and to hold users accountable for all activity occurring under their user ID.

Consider the following compliance tips:
  • If your organization has shared user IDs, make it a high priority to replace them with unique IDs for each user.
  • In facilities where a constantly changing group of people uses a single workstation, such as a nursing station, logon time is important. If your organization requires a network logon and a separate logon, a controlled, generic user ID at the application level can be used. However, the privileges of the generic network user ID should be limited.

This tip was adapted from The Compliance Officer’s Handbook, Second Edition. For more information about the book or to order your copy, visit the HCMarketplace.
