1670.055 HIPAA SECURITY: WORKFORCE SECURITY REGARDING PROTECTED HEALTH INFORMATION
University departments performing HIPAA transactions must comply with the following workforce security policy:
1. Workforce members shall access only those areas and the applicable health information contained therein to which they are authorized according to their appropriate personnel clearance levels.
2. The procedures herein shall be referenced to and coordinated with the policies and procedures for INFORMATION ACCESS MANAGEMENT FOR ELECTRONIC PROTECTED HEALTH INFORMATION POLICY.
3. The designated HIPAA Security Administrator, in collaboration with the HIPAA Security Officer and HIPAA Privacy Officer are the University representatives responsible for determining the appropriate personnel clearance levels. The HIPAA Security Administrator shall maintain a list detailing the level(s) of clearance for each person.
4. Within 24 hours of an employee’s official Notice of Termination or inter-departmental transfer, the designated HIPAA Security Administrator must be notified. Upon notification the HIPAA Security Administrator shall determine the extent, including the appropriate time, to which the employee’s personnel clearance level and access authorizations will be eliminated and/or modified.
5. All employees shall be trained regarding appropriate personnel clearance levels.
Personnel security clearance policies and procedures may be amended from time to time as necessary to comply with all applicable business associate agreements.
Published on 2017-12-13
Administrative Oversight & Contact Information
Office of University Compliance & Integrity
University Compliance & Privacy Officer
- Phone: 305--348-2216