Employees in healthcare organizations need to be able to access certain networks and systems to be able to do their work these days. However, it takes far more than a call to the IT department to properly set up access to systems for staff, and even more when employees depart the organization. Some systems may be under direct control of your IT department, but many systems these days are merely accessed by staff and maintained by other entities that may not even be known to the organization. And working outside the office brings a whole host of issues that go along with remote access of your systems, and those of outside entities.
Not managing staff access properly can lead to significant privacy and breach issues. If inappropriate access is provided, staff can learn more then they need to in order to provide the services they provide. If enough access is not provided, staff may not be able to get their job done. When employees leave an organization all of their access must be terminated, even for systems you may not directly control– not doing so can lead to serious breaches of confidential information. In addition, it is necessary to reach out to those who are leaving the organization to ensure that they do not retain any PHI to which they are not entitled. Not managing staff access properly can lead to penalties and fines in the millions of dollars. Establishing good access management processes can help you avoid those issues.
Join this session, where healthcare compliance and HIPAA expert Jim Sheldon-Dean will discuss the management of staff access to systems, how it is best enabled and disabled, and how it can be provided securely when staff members work remotely.
You will learn how to manage the processes involved with establishing, monitoring, and terminating staff access to systems holding PHI. New access requires a plan for the necessary access, including locally installed systems and networks as well as those provided by other entities, establishing the appropriate control settings for each staff member, reviewing the access settings and access used, and terminating all the various access points upon a staff departure. This session will discuss the issues of remote access, including determining who should have remote access, and how it should be provided and managed. Reviews to ensure the proper controls are in place are essential to compliance.
You will be able to review the access management policies and procedures to see whether you adequately control access enablement, review, and termination. You will be able to understand where to find out about the wide range of external accesses that may be used, and who may be managing that access, or not. You will be able to develop a plan for how to rein in uncontrolled external accesses so that they can be managed and properly terminated upon staff departures. You will also be equipped to review remote access and consider how it might be better controlled to limit access to the minimum necessary and protect any PHI.
In this session, you will learn:
Who Should Attend
Compliance officers, privacy and security officers, and leadership and staff in health information management, information security, and patient relations, as well as staff in patient intake and front-line patient relations and any others that are involved in, interested in, or responsible for, patient communications, information management, and privacy and security of Protected Health Information under HIPAA, including:
Ask a question at the Q&A session following the live event and get advice unique to your situation, directly from our expert speaker.
Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...
More Events By The Speaker