preview

Document Appropriate User Administration ( Topaz )

Good Essays
I. Purpose The goal of this policy is to document appropriate user administration. Topaz will utilize user ID and password combinations to authorize access to the Topaz Network as well as to authenticate user rights to Topaz and client’s network systems and environment. Topaz protects confidential and other sensitive information from theft, unauthorized use, damage or destruction by limiting access to authorized personnel. Accessing protected information is logged and reviewed by managers and supervisors as needed. User ID and password combinations are required to authenticate users into the Topaz network. Authorization to access sensitive/protected information and or functions is managed based on the security groups for which the…show more content…
C. Role-Based Access Authorization to access sensitive/protected health information and or functions is managed based on the security groups and/or the role of the staff. Workforce members who access to e-PHI to carry out their duties must be identified. For each workforce member, or job function, Topaz identify the e-PHI that is needed, and makes reasonable efforts to control access to that e-PHI. Topaz request minimum necessary access from covered entities to complete health information solutions and extends the minimum access provision to all its workforce members. All access to NextGen, client environment, or any health management system is role-based and authenticated with an ID and password. User ID and passwords must not be shared among staffs or with clients. D. Access Authorization/Supervision An employee’s supervisor must request for role-based access to e-PHI using the employee’s job descriptions. IT Department provides restricted role-based access to a client’s network environment/e-PHI and reviews audit logs and information systems activities as needed to monitor the appropriate workforce member is logging into the client environment at any given time. E. Access Request Clearance All requests for granting/revoking access must follow procedures documented below. 1. Granting access will be done using the system access NHF process or System request checklist. The IT Staff will: a. Validate the NHF or System form with the employee’s
Get Access