With HIPAA requirements upping the ante, health IT administrators must take the issue of user access control even more seriously than their colleagues in other enterprise IT environments. Increasingly, health systems are being forced to throw additional resources at the problem, conducting frequent privacy audits that look closely at user access permissions. User accounts that remain active after employees leave are a predictable--yet still vexing--problem HIT admins struggle to address. Admins are also field-testing user-provisioning applications which give existing users carefully-tailored data access based on specific needs. To further complicate things, some users may need access to specific subsets of information, notably individual patient records, often forcing health IT admins to invest in additional applications. To make sure they have options in the event of a breach, many health IT admins are keeping archives of user accounts, so they can research what happened if and when things go wrong.
To get more background on this issue:
- read this ADVANCE for Health Information Executives piece