Top Menu

HIPAA Security Reminder of the Week

Unique User Identification – Logon ID

The HIPAA Security Rule requires Covered Entities and Business Associates to implement a “Unique User Identification” for systems holding Electronic Protected Health Information (ePHI). It is a “required” implementation specification under the Access Control Standard and should be employed for all information assets that create, receive, transmit and maintain ePHI.

Network user “logon ID” is the unique identifier used on the network. This allows anybody to track network and system activity to a specific individual. Sharing user IDs and passwords is not allowed. If you shared this information and someone used it to access ePHI, you will be held responsible for the actions that person took using your credentials.

IDs that are not associated with active workforce members present an increased risk for abuse. The few IDs that are provided to consultants and vendors are also removed or disabled as soon as no longer needed.

Do not to share network logon ID password with any one. Keep your passwords secret.