Analyzing Employees’ Roles Helps Determine Amount of Protected Health Information to Disclose

Issue: Under the Health Insurance Portability and Accountability Act (HIPAA), how do health care providers ensure that employees, physicians and others use or disclose only the "minimum necessary" amount of protected health information needed to do their jobs?

Resolution: Role-based access analysis. HIPAA mandates that employees, for example, be given access to only that amount of protected health information absolutely necessary for them to do their jobs. Therefore, the starting point is to assess what jobs require what access to protected health information; hence, role-based access analysis.

A recommended approach is to create an Access Control Log for every job description. Each log should evaluate whether the job description in particular is involved with patient protected health information in any or all of the following ways:
Once each job description is amended to include an analysis of how and in what manner each job position interacts with patient protected health information, then current and new employees must participate in access control discussions. Performance evaluations should reflect appropriate and successful adherence to such access control requirements.