Administrative safeguards are designed to manage the selection, development, implementation and maintenance of security measures across a workforce. They require a risk-management assessment and mandatory sanctions against employees who do not comply with security rules. Enterprises are also required to name an official responsible for developing and implementing security policies and procedures. This can be the same person who is responsible for privacy.
Every user should have a unique identifier or login ID for information systems and electronic PHI, so that each action on a system can be attributed to one individual. This is the foundation for access-control methods consistent with the privacy rules. Under HIPAA, the privacy rules will be the impetus to implement the security standards in 2005.
You should restrict users' access to only the information they have a legitimate need to see. Ideally, the control mechanism should be based on individual users, but the rules also allow the implementation features found in directory services, like NDS and Critical Path's Directory Server. These can include context-based and role-based access as well as user-based access. For example, a context could be a practice group, such as internal medicine or the emergency room, while a role could be doctor or nurse.
If context- or role-based access control is used, organizations will have to determine the appropriate contexts or job categories for their size and complexity. Organizations may allow medical staff full access to all patient records, for example, or limit them to only the records of patients under their direct care. The access rules also require procedures for obtaining patient information in an emergency, as well as addressable specifications, including automatic logoff at workstations after a threshold of inactivity and encrypting user names and passwords.
Organizations must maintain audit trails that log all access to system information. In conjunction with unique logins, monitoring must record and examine activity in systems that contain electronic PHI. All log data should be in a form that can be retrieved and reviewed easily and should include the date and time of the access, the information or record accessed, and the user ID under which the access occurred. This will most likely involve aggregating logs for system access with application logs of access to specific data. In addition, audit logs should be reviewed regularly for discrepancies and in response to requests from individual patients.
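As an added example (not code from the article or from any product it names), here is a small Python model of the access rules and audit trail described above: each user has a unique ID, a role and a practice-group context; access requires the role to permit the action and either the patient to be under the user's direct care within the same context or a documented emergency reason; every attempt is logged with timestamp, user ID, record and outcome, and a review function pulls out denials and emergency accesses, while a per-patient report answers a patient's request. The roles, contexts, user IDs and patient records are constructed sample data, and the policy details (doctors write, nurses read, emergency access bypasses only the context and direct-care checks) are assumptions made for the illustration.

```python
"""Role- and context-based access control over PHI with an audit trail.

Added illustration, not code from the original article. The roles, practice
groups, patient records and user IDs below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class User:
    user_id: str              # unique login ID: every action is attributable to one person
    role: str                 # role base, e.g. "doctor" or "nurse"
    context: str              # context base, e.g. "internal_medicine" or "emergency"
    direct_care: FrozenSet[str]  # patient IDs this user is currently treating


@dataclass(frozen=True)
class Record:
    patient_id: str
    context: str              # practice group that owns the record


@dataclass
class AuditEntry:
    timestamp: str            # date and time of the access (UTC, ISO 8601)
    user_id: str              # user ID under which the access occurred
    patient_id: str           # record accessed
    action: str
    outcome: str              # "allowed" or "denied"
    emergency: bool = False   # set when the emergency procedure was invoked
    reason: str = ""          # documented justification for emergency access


# Role-based policy: which actions each role may perform (assumed sample policy).
ROLE_PERMISSIONS = {
    "doctor": {"read", "write"},
    "nurse": {"read"},
}


class PhiAccessControl:
    def __init__(self, records: Dict[str, Record]):
        self.records = records
        self.audit_log: List[AuditEntry] = []

    def _log(self, user: User, patient_id: str, action: str, outcome: str,
             emergency: bool = False, reason: str = "") -> None:
        # Every attempt, allowed or denied, is recorded so later review is possible.
        self.audit_log.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                                         user.user_id, patient_id, action,
                                         outcome, emergency, reason))

    def access(self, user: User, patient_id: str, action: str,
               emergency_reason: Optional[str] = None) -> bool:
        """Return True and log the access if permitted; log a denial otherwise.

        Checks, in order: the record must exist; the role must permit the
        action; then the user must either be in the record's practice-group
        context AND have the patient under direct care, or supply a documented
        emergency reason (which bypasses only the context/direct-care check).
        """
        record = self.records.get(patient_id)
        if record is None or action not in ROLE_PERMISSIONS.get(user.role, set()):
            self._log(user, patient_id, action, "denied")
            return False
        if emergency_reason:
            self._log(user, patient_id, action, "allowed", True, emergency_reason)
            return True
        if record.context == user.context and patient_id in user.direct_care:
            self._log(user, patient_id, action, "allowed")
            return True
        self._log(user, patient_id, action, "denied")
        return False

    def review(self) -> List[AuditEntry]:
        """Entries that warrant regular review: every denial and every emergency access."""
        return [e for e in self.audit_log if e.outcome == "denied" or e.emergency]

    def patient_report(self, patient_id: str) -> List[AuditEntry]:
        """Successful accesses to one patient's record, to answer a patient's request."""
        return [e for e in self.audit_log
                if e.patient_id == patient_id and e.outcome == "allowed"]


def demo() -> dict:
    """Run the constructed scenario and return the outcomes for inspection."""
    records = {"P100": Record("P100", "internal_medicine"),
               "P200": Record("P200", "emergency")}
    ac = PhiAccessControl(records)
    dr_lee = User("dlee", "doctor", "internal_medicine", frozenset({"P100"}))
    rn_kim = User("rkim", "nurse", "emergency", frozenset({"P200"}))
    return {
        "doctor_reads_own_patient": ac.access(dr_lee, "P100", "read"),
        "doctor_reads_other_group": ac.access(dr_lee, "P200", "read"),
        "nurse_writes": ac.access(rn_kim, "P200", "write"),
        "nurse_emergency_read": ac.access(rn_kim, "P100", "read",
                                          emergency_reason="ER transfer, unresponsive"),
        "review_count": len(ac.review()),
        "p100_report_users": [e.user_id for e in ac.patient_report("P100")],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the structure is that the same log serves both review duties named above: review() is the regular sweep for discrepancies (denied attempts and break-glass accesses are the first things to look at), and patient_report() is the per-record query a patient can request. In a real deployment the application-level entries shown here would be aggregated with the system-level login records so that each record access can be tied back to a session.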