Establish An Audit Trail for Access Management

Access to critical data is a paramount criterion for organizational success. Doctors and nurses need access to patients’ records to ensure proper delivery of care. Too many restrictions or complicated access methodologies to internal systems can have potentially catastrophic and life-altering consequences. But there’s another side to the story. Too little control or too few internal access restrictions can lead to HIPAA violations and data exposures.

There are far too many examples to cite and the list grows by the day, but one instance continues to stay in my mind: A hospital employee recently sold the names of patients who had been involved in auto accidents to a law firm. This obvious breach is not only disturbing for many reasons, but also underscores the need for proper governance of an organization’s data within an electronic system. This breach – caused by an internal agent, a rising trend – also proves the need for regular and ongoing audits. So, how can health system leaders ensure that procedures and policies minimize the risk for both sides of this issue?

The following piece examines the two most important aspects of data access control: access rights and regular audits.

Determining who gets access to what and when

Determining the baseline of access rights your employees need, and the rights currently allowed by type or role of employee, is the first step of the process. This information can be gathered through user profiles (department, location, titles, roles) to establish who is able to access what and when according to the permissions currently granted in your system. Once you have collected this information, the data can be forwarded to each employee’s manager for review.
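One way to assemble that review, as an added example that is not from the original article: it groups current permissions by department and role, treats anything held by a majority of a group as that group's baseline, and builds a per-manager list with the grants that fall outside it. The user names, permission strings and the majority threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample records: profile attributes plus currently granted permissions.
USERS = [
    {"user": "akim", "department": "Cardiology", "role": "nurse", "manager": "rlopez",
     "permissions": {"ehr:read", "ehr:write-notes"}},
    {"user": "bsingh", "department": "Cardiology", "role": "nurse", "manager": "rlopez",
     "permissions": {"ehr:read", "ehr:write-notes"}},
    {"user": "cdiaz", "department": "Cardiology", "role": "nurse", "manager": "rlopez",
     "permissions": {"ehr:read", "ehr:write-notes", "billing:export"}},
    {"user": "dmoore", "department": "Finance", "role": "billing clerk", "manager": "tnguyen",
     "permissions": {"billing:read", "billing:export"}},
]

def role_baseline(users, threshold=0.5):
    """Permissions held by more than `threshold` of each (department, role) group."""
    groups = defaultdict(list)
    for u in users:
        groups[(u["department"], u["role"])].append(u)
    baseline = {}
    for key, members in groups.items():
        counts = Counter(p for m in members for p in m["permissions"])
        baseline[key] = {p for p, n in counts.items() if n / len(members) > threshold}
    return baseline

def review_packets(users, threshold=0.5):
    """Per-manager review list; grants outside the role baseline are called out."""
    baseline = role_baseline(users, threshold)
    packets = defaultdict(list)
    for u in users:
        base = baseline[(u["department"], u["role"])]
        packets[u["manager"]].append({
            "user": u["user"],
            "role": u["role"],
            "current": sorted(u["permissions"]),
            # A one-person group defines its own baseline, so nothing is flagged
            # here for it; the manager still sees the full "current" list.
            "outside_baseline": sorted(u["permissions"] - base),
        })
    return dict(packets)

if __name__ == "__main__":
    for manager, rows in review_packets(USERS).items():
        print(manager)
        for row in rows:
            print("  ", row["user"], row["current"], "REVIEW:", row["outside_baseline"])
```

The flag is a prompt for the manager's decision, not a verdict: an unusual grant may be legitimate, and a permission shared by a whole group may still be more than the role needs.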
