Authentication And Access Control
Access to personally identifiable information is restricted, and HIPAA requires that policies and controls be in place that authorize access to the data based on the user's or recipient's role. Employees need to undergo user awareness training to properly understand the policies and procedures for accessing the data. HIPAA also requires periodic assessments to measure the effectiveness of the security controls and policies in place. Organizations must assign a unique name or number for identifying and tracking user identity. HIPAA also requires the establishment of emergency access procedures. Mechanisms need to be in place to verify the identity of individuals attempting to access systems, and once an identity is validated, permissions need to be limited to only the necessary sensitive resources.