Successfully implementing access controls takes prep work

Laying the groundwork is essential to successfully implementing role-based access control at healthcare organizations, PeaceHealth's Christopher Paidhrin tells HealthcareInfoSecurity in an interview.

That prep work includes evaluating whether the organization is ready to accept access based on job role, says Paidhrin, security administration manager in PeaceHealth's information security technology division. Carefully draft a business case before scoping and planning, he adds.

Another key: Collaborate with application and data owners, human resources, privacy, and information security teams, Paidhrin tells HealthcareInfoSecurity. "Find ways to simplify every phase and step, minimize hand-offs, delegate authority for standard changes and set boundaries and expectations for the process."

Identity management and unauthorized data access by employees are healthcare providers' biggest security and privacy concerns, according to a recent KLAS survey.

Unauthorized access to confidential information about the Duchess of Cambridge and reportedly Kim Kardashian are but two of the many high-profile cases. It's just one of three types of insider threats that call for a strong program to monitor your systems.

To keep data secure, more hospitals are focusing on how information flows through the organization to detect abnormalities, attendees at the recent iHT2 conference in Boston said.

To learn more:
- find the interview