Successfully implementing access controls takes prep work

Laying the groundwork is essential to successfully implementing role-based access control at healthcare organizations, PeaceHealth's Christopher Paidhrin tells HealthcareInfoSecurity in an interview.

That prep work includes evaluating whether the organization is ready to accept access based on job role, says Paidhrin, security administration manager in PeaceHealth's information security technology division. Carefully draft a business case before scoping and planning, he adds.

Another key: Collaborate with application and data owners, human resources, privacy, and information security teams, Paidhrin tells HealthcareInfoSecurity. "Find ways to simplify every phase and step, minimize hand-offs, delegate authority for standard changes and set boundaries and expectations for the process."

Identity management and unauthorized data access by employees are healthcare providers' biggest security and privacy concerns, according to a recent KLAS survey.

Unauthorized access to confidential information about the Duchess of Cambridge and reportedly Kim Kardashian are but two of the many high-profile cases. It's just one of three types of insider threats that call for a strong program to monitor your systems.

To keep data secure, more hospitals are focusing on how information flows through the organization to detect abnormalities, attendees at the recent iHT2 conference in Boston said.

To learn more:
- find the interview

Suggested Articles

Silicon Valley giants are building software and technology tools to serve as trusted healthcare resources in the ongoing COVID-19 outbreak.

An advisory group to ONC is standing up a coronavirus task force to tackle privacy and interoperability issues impeding frontline clinicians.

Medical researchers are using Oura smart rings and Fitbits to study whether data from wearables can identify the early onset of COVID-19.