Healthcare-Specific Requirements for Automating User Access Reviews
Access Auditor and Access Manager work together to help healthcare organizations meet these identity and access management requirements.
- Automate the user access review process. What used to be a labor-intensive and time-consuming manual process can be streamlined and automated in under one week.
- Automate the provisioning and termination of user accounts. The advanced workflow rules in Access Manager trigger automated creation and removal of user access with no manual intervention.
Access Auditor will give you a fast and easy solution for automating your user access reviews, while Access Manager can streamline and automate your provisioning and termination process.
HIPAA and HITRUST mandate the control and review of user access rights to protected health information (PHI). Specifically, 45 CFR § 164.308(a)(3)(ii)(B) states that organizations must:
“Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate.”
In addition, 45 CFR § 164.308(a)(3)(ii)(C) requires a covered entity to
“Implement procedures for terminating access to electronic protected health information when the employment of a workforce member ends or as required by determinations made as specified in paragraph (a)(3)(ii)(B) [the Workforce Clearance Procedure] of this section.”
Related Information
Successful Healthcare Customers
With Access Auditor, we were able to replace our manual process and succeed with periodic access reviews for management across the hospital. Access Auditor’s simple and intuitive approach was a big win for CHLA.