The length of the document below is: 2 page(s) long
The self-declared author(s) is/are:
www.hhs.gov
The subject is as follows:
Subject: Original authors did not specify.
The original URL is: LINK
The access date was:
Access date: 2019-04-01 15:21:44.549335
Please be aware that this may be under copyright restrictions. Please send an email to admin@pharmacoengineering.com for any AI-generated issues.
Loading...
Reload document 
Open in new tab The content is as follows:
November 2017
Insider Threats and
Termination Procedures
Data breaches
caused by cu
rrent
and
former w
orkforce members
are a recurring
issue
across
man
y industries, includin
g the healthcar
e industry
. Effective
identity
and access
management
(IAM)
policies
and controls
are essential
to reduc
e the ris
ks posed b
y thes
e type
s of insider
threats
. IAM
can incl
ude man
y processes, but
most commonl
y would inclu
de the processe
s by which appropriate access to data is granted, and eventually terminated, by creating and managing user accounts. Making sure that use accounts are terminated, so that former workforce members don™t have access to data, is one important way IAM can help reduce risks posed by insider threats. You
r Employee Just Quit!
When an employee or other workforce member
leaves
, it is extremely important that covered
entities and business associates prevent
unauthorized access to protected health information
(PHI)
by
ensuring that the former workforce member™s access to PHI is effectively terminated
. Also make sure that mobile devices like laptops and smartphones are returned, and if the use of
ePHI on personally-owned phones or other devices is permitted, that those devices are cleared or
purged of ePHI. In addition to
address
ing
the risks associate
d with the potential unauthorized
access
of ePHI
by former
workforce members
, effective termination procedures also reduce the
risk that
inactive u
ser accounts
(for example, user
accounts that are
not being used or are
inactive
, but
are
not fully
terminated or disabled)
could be
used by a current or former workforce
member with evil motives to get
access to ePHI.
Tim
e to Exit the Building!
Procedures to
terminate
access to ePHI
should also
include termination of physical access to
facilities.
Pro
cedures to terminate
physical access could include
changing combination locks and
security codes, removing users from access lists, and ensuring the return of keys, tokens,
keycards, ID badges, and other physical items that could
permit
access to
secure ar
eas with
ePHI.
Please note all content on this page was automatically generated via our AI-based algorithm (BishopKingdom ID: 2aCQszFUsQCiVAGb8UHU). Please let us know if you find any errors.