A1. New User Access Policy
Heart-Healthy Insurance Company is a Covered Entity, which is governed by the regulatory requirements of the U.S. Privacy Laws, HIPAA, and HITECH statutes and regulations. This policy documents the criteria and procedures for workforce clearance and for granting new employees user access privileges to confidential/private information such as Electronic Protected Health Information (EPHI). The following guidelines are to be adhered to in assigning and limiting user access to EPHI and systems of Heart-Healthy Insurance Company.
The purpose of this policy is to institute guidelines that comply with the HIPAA Security Standards and the U.S. Federal Privacy Laws. This policy is to ensure that access to Electronic Protected Health Information (EPHI) is granted only on a strict need-to-know basis and only to those who have been properly screened and approved.
This policy pertains to all personnel who are responsible for requesting, processing, and granting user access to confidential/private information such as, but not limited to, EPHI on any system network that is the property of Heart-Healthy Insurance Co. This policy does not address the procedures for requesting, processing, or granting Administrator-level access privileges.
Workforce Clearance - The Human Resources Department shall process all candidates submitted for hire. The process shall include a drug screening test and a criminal background check. The services of an independent screening company shall be contracted to perform the testing. Only those candidates who are cleared and approved for hire will be extended an offer of employment.
Job Descriptions - The Information Systems Security Department will review all job descriptions in conjunction with the Human Resources Department and Department Managers and designate the level of user access that is appropriate for performing the assigned tasks....