Successfully implementing access controls takes prep work

Laying the groundwork is essential to successfully implementing role-based access control at healthcare organizations, PeaceHealth's Christopher Paidhrin tells HealthcareInfoSecurity in an interview.

That prep work includes evaluating whether the organization is ready to accept access based on job role, says Paidhrin, security administration manager in PeaceHealth's information security technology division. Carefully draft a business case before scoping and planning, he adds.

Another key: Collaborate with application and data owners, human resources, privacy, and information security teams, Paidhrin tells HealthcareInfoSecurity. "Find ways to simplify every phase and step, minimize hand-offs, delegate authority for standard changes and set boundaries and expectations for the process."

Identity management and unauthorized data access by employees are healthcare providers' biggest security and privacy concerns, according to a recent KLAS survey.

Unauthorized access to confidential information about the Duchess of Cambridge and reportedly Kim Kardashian are but two of the many high-profile cases. It's just one of three types of insider threats that call for a strong program to monitor your systems.

To keep data secure, more hospitals are focusing on how information flows through the organization to detect abnormalities, attendees at the recent iHT2 conference in Boston said.

To learn more:
- find the interview

Suggested Articles

Nearly 10,000 patients involved in research studies were impacted by a third-party privacy breach that may have exposed their medical diagnoses, test results…

Veterans Health Administration medical facilities currently have a paper medical record backlog that if stacked up would be 5.15 miles high, according to the…

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.