R103. Manage access cards
The organization must define a process for assignation, stocktaking, replacement, re assignation and retirement of access cards
HIPAA Security Rules 164.308(a)(3)(i): Workforce Security: Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.
HIPAA Security Rules 164.310(c): Workstation Security: Implement physical safeguards for all workstations that access electronic protected health information to restrict access to authorized users.
HIPAA Security Rules 164.310(a)(2)(iii): Access Control and Validation Procedures: Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision