This section of HIPAA is concerned with access control. In the IT infrastructure of a Medical organization, proper access is essential for patient privacy. Furthermore, access must be restricted to a “need to know” basis to prevent leaks to unauthorized third parties. To this end, this audit seeks to a) make sure all access is restricted (that is to say requires some more of credential validation before access) and auditable to a unique single identity (group or individual) and b) to make sure that the user credentials (passwords, pins, etc) are strong and secure within reason. By enforcing the above aspects of HIPAA the organization can be sure that all access is secure and that patient privacy and confidentiality are maintained. This aspect of HIPAA is also important for legal issues that may arise from a lawsuit or employee misconduct.

You can view the embedded presentation below using the SlideShare applet below. The demo video form YouTube is automatically embedded for your convenience..

Some good references to get started with HIPAA:

• Information for Health Service Consumers
• Indian Health Services Info on HIPAA
• Introduction to NIST Guidelines to implementing HIPAA
• NIST 800-66 HIPAA Guidelines for download atNIST Publications.
  NIST SP-800-66 direct download in pdf See Bookmark 4.14 in the PDF for content specifically related to this presentation, which is published page 40, found on page 48 of the PDF).

If you would like more information, please feel free to contact me