Access Establishment and Modification Clause Samples
Access Establishment and Modification. Business Associate will implement policies and procedures to establish, document, review, and modify a user’s right to access systems that create, receive, transmit, transact or store PHI.
Access Establishment and Modification. The Company will review who has Access to ePHI and whether such Access is limited to ePHI that is minimally necessary to perform applicable functions.
Access Establishment and Modification.
a. Potential employees shall undergo employment background checks and other measures deemed necessary by GCHD’s management prior to hiring. Results of such measures shall be reviewed by GCHD’s management before the employee is granted access to electronic protected health information.
b. All employees who access ePHI will be given a user ID and be required to establish a password in accordance with GCHD’s guidelines in order to gain such access.
c. Physical access controls, such as keycards and combinations, will be used to restrict access to areas containing electronic protected health information to authorized users only, as appropriate.
d. GCHD will develop and document an emergency access procedure to allow access to electronic protected health information by certain specified employees under unanticipated or urgent circumstances.
Access Establishment and Modification. (Addressable)
(a) As addressed in the Workforce Security policy, all network users must have their access requirements specified as a part of their job descriptions, and each user must attend the appropriate training classes necessary to qualify for varying levels of access to ePHI within the network, as determined by the application managers and the Network Manager. If employees are given greater responsibilities requiring an increased level of access, the senior managers must ensure that the employee’s job description is modified and that the employee is scheduled for further training to qualify for the increased access.
(b) The IS Director, through the senior managers, will ensure that user access requirements are periodically reviewed and that appropriate changes to user access are made as job requirements change. 45 CFR §164.308(a)(5)(i) of the Security standards states that covered entities must “implement a security awareness and training program for all members of its workforce (including management).” To implement the Medical Center Clinic’s (MCC’s) Security Awareness and Training policies and the policies for the subordinate implementation specifications: Security Reminders, Protection From Malicious Software, Log-in Monitoring, and Password Management.
