1670.025 HIPAA SECURITY: INFORMATION ACCESS MANAGEMENT FOR ELECTRONIC PROTECTED HEALTH INFORMATION
Florida International University departments and units that create, maintain or transmit electronic protected health information (“EPHI”) must have in place the following information access management controls:
1. All members of the workforce of the particular department or unit shall be granted access to systems storing electronic protected health information (“EPHI”) only to the extent that it is necessary and appropriate for them to perform their jobs or functions.
2. The department’s or unit’s HIPAA Security Administrator, the HIPAA Security Officer and the HIPAA Privacy Officer shall be responsible for determining and granting the appropriate access to electronic protected health information.
3. The department’s or unit’s HIPAA Security Administrator, the HIPAA Security Officer and the HIPAA Privacy Officer shall ensure that access to EPHI is terminated immediately once an employee terminates his or her employment with the University or is transferred to another University department or unit.
4. All employees shall be trained regarding appropriate access to EPHI, including the awareness of information access controls.
Published on 2017-12-13
Administrative Oversight & Contact Information
Office of University Compliance & Integrity
University Compliance & Privacy Officer
- Phone: 305--348-2216