1670.005 HIPAA SECURITY: ACCESS CONTROLS TO SYSTEMS CONTAINING ELECTRONIC PROTECTED HEALTH INFORMATION
1. Florida International University departments and units that create, maintain or transmit electronic protected health information including, without limitation, the University’s health care components, shall allow access to systems that maintain electronic protected health information only to those persons who require such access in order to perform their job duties.
2. Each department or unit employee who requires access to electronic protected health information shall be assigned a unique name and/or number for identifying and tracking user identity.
3. The University HIPAA Security Officer in collaboration with the designated HIPAA Security Administrators for each department or unit shall develop an emergency access procedure that will allow access to electronic protected health information during an emergency.
4. Specific times must be defined for electronic sessions to be automatically locked and terminated after periods of inactivity.
5. Electronic protected health information shall be encrypted prior to transmission and the procedures for doing so shall be documented by each department or unit.
Published on 2017-12-13
Administrative Oversight & Contact Information
Office of University Compliance & Integrity
University Compliance & Privacy Officer
- Phone: 305--348-2216