Technical Safeguards are defined in the HIPAA Security Rule as the technology, policy and procedures that protect electronic Protected Health Information (ePHI) and control access to ePHI.

ACCESS CONTROL § 164.312(a)(1) “Implement technical policies and procedures for electronic information systems that maintain electronic Protected Health Information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4) [(Information Access Management)].”

UNIQUE USER IDENTIFICATION (R) § 164.312(a)(2)(i) “Assign a unique name and/or number for identifying and tracking user identity.”

These Safeguards require every operating system and application containing ePHI to have a unique user ID for each individual accessing ePHI. This includes any Windows Workgroup or Windows Active Directory, because ePHI is stored in local documents, downloads and shared drives. Unless individuals have unique user IDs, the organization has no audit trail for user activity.

Security and compliance are first and foremost in the management of our clients' systems. After we conducted thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!

 

Dawn Meglino
HIPAA Compliance Office
StratX IT Solutions
dmeglino@stratxit.com
(914) 683-0005 Ext. 2108 - Work | (914) 646-2974 - Mobile