Aug 31, 2010
The Health Information Technology for Economic and Clinical Health Act (HITECH) imposed more stringent regulatory and security requirements to the privacy rules of HIPAA. Compliance with the letter of the guideline can be difficult for organizations without strong access governance processes and policies.
Healthcare organizations often struggle to maintain a consistent approach to govern user access across information resource, and as a result, may have an incomplete or fragmented posture of compliance throughout the organization. Forward-thinking organizations should use the passage of the HITECH as an opportunity to take a more risk-oriented approach by implementing an access governance framework and modernizing how patient information is stored and accessed through electronic health records (EHR). Such an approach will yield increased customer trust, decreased operational burden, streamlined operations, and superior access risk management �- all of which leads to improved organizational value.
This paper focuses on a set of best practices for implementing an access governance framework and the specific access controls requirements for HIPAA/HITECH.