Young hacker smiling

We hack your software

zero false positives

Expert intelligence + specialized technology

REQ.103 Manage access cards

This document contains the details of the security requirements related to the definition and management of access control in the organization. This requirement establishes the importance of defining processes to manage access cards for authorized workforce members.

Requirement

The organization must define a process for assignation, stocktaking, replacement, re assignation and retirement of access cards

References

  1. HIPAA Security Rules 164.308(a)(3)(i): Workforce Security: Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.

  2. HIPAA Security Rules 164.310(c): Workstation Security: Implement physical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.

  3. HIPAA Security Rules 164.310(a)(2)(iii): Access Control and Validation Procedures: Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision


Service status - Terms of Use