Addressable: Making sure that proper employee termination procedures are followed |
This section of HIPAA reads as "Implement procedures for terminating access to electronic protected health information when the employment of, or other arrangement with, a workforce member ends or as required by determinations made as specified in paragraph (a)(3)(ii)(B) of this section."
Having proper mechanisms to ensure that terminated user no longer have access to systems is very important to reduce the risk of potential attacks on ePHI. Terminated employees may have malicious intents or may just no longer feel responsible for adequate protection and secrecy of their access credentials that might be still valid. Action1 helps to automate certain checks related to employee termination procedures, such as make sure that all user profiles on workstations are deleted for any inactive user accounts.
Sign-up for Action1 Free Edition to receive real-time alerts and view instant data from your endpoints, such as alert on 164.308 (a)(3)(ii)(C) Workforce Security: Termination Procedures created, deleted or modified or run live or scheduled queries with the ability to export to CSV or Excel. Action1 Endpoint Security Platform is entirely SaaS, with online web interface (no management tools to install) and it has zero cost for basic functionality. Running in the Cloud, Action1 discovers all of your endpoints in seconds and you can query your entire network in plain English.
Endpoint configuration management in the Cloud
Manage endpoint configuration using plain English from the Cloud. Such as type 'Windows services' or 'reboot computer'.
Get results instantly from live systems and run automated actions.
Related Alerts and Reports:
164.308 (a)(1)(ii)(A) Security Management: Risk Analysis
Required: Assessment of risks and vulnerabilities of ePHI
164.308 (a)(1)(ii)(D) Security Management: Information System Activity Review
Required: Regular reviews of audit logs and other tracking information
164.308 (a)(4)(ii)(B) Information Access Management: Access Authorization
Addressable: Verifying that access granting policies and procedures are in place
164.308 (a)(4)(ii)(C): Information Access Management: Access Establishment and Modification
Addressable: Granting and changing access to workstation and other components
164.308 (a)(5)(ii)(B) Security Awareness and Training: Protection from Malicious Software
Addressable: Procedures for guarding against, detecting, and reporting malicious software
164.308 (a)(5)(ii)(C) Security Awareness and Training: Log-in Monitoring
Addressable: Procedures for monitoring log-in attempts and reporting discrepancies
164.308 (a)(5)(ii)(D) Security Awareness and Training: Password Management
Addressable: Procedures for creating, changing, and safeguarding passwords
Find more information on 164.308 (a)(3)(ii)(C) Workforce Security: Termination Procedures at Microsoft TechNet.