HIPAA - Workforce Clearance Procedure 164.308(a)(3)(ii)(B)

Overview:
Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate.

Action Items:
1) Obtain and review documentation related to workforce clearance procedures. Evaluate and determine whether such procedures has been incorporated to determine whether a workforce member's access to EPHI is appropriate. Elements to review may include but are not limited to: Clearing workforce members prior to authorizing access to ePHI; Revalidation of workforce members' clearance; Frequency of revalidating workforce members' clearance.
2) Obtain and review documentation demonstrating the clearance process prior to granting workforce members access to EPHI. Obtain and review documentation demonstrating approval or verification of access to EPHI (e.g., approved access request forms, electronic approval workflow, etc.). Evaluate and determine if workforce members were granted appropriate access to EPHI based on the clearance process prior to gaining access to EPHI.

Related Documents:
1) Documentation related to workforce clearance procedures.
2) Documentation demonstrating the clearance process prior to granting workforce members access to ePHI.

Additional Guidance:
In other words, the clearance process must establish the procedures to verify that a workforce member does in fact have the appropriate access for their job function. A covered entity may choose to perform this type of screening procedure separate from or as a part of the authorization and/or supervision procedure.

Sample questions for covered entities to consider:
- Are there existing procedures for determining that the appropriate workforce members have access to the necessary information?
- Are the procedures used consistently within the organization when determining access of related workforce job functions?