When an employee departs from your practice, it's essential to take several steps to revoke their access to patient data. You may already be familiar with many of these measures, including:
1. Ensuring they no longer have physical access to your office (e.g., collecting keys, changing locks, updating alarm codes).
2. Disabling their login credentials for practice computers, including remote access (e.g., deactivating accounts and removing permissions).
3. Revoking access to your cloud-based applications, such as your electronic health records (EHR) systems (e.g., deactivating accounts and permissions).
However, have you considered the websites your practice utilizes for checking patient eligibility, reviewing claims data, and managing referrals, such as Availity, Cigna, and Blue Cross Blue Shield? When an employee is terminated, it's crucial to ensure they cannot access these sites, as unauthorized access could lead to breaches of patient confidentiality.
Typically, these platforms allow only one username and password per practice, which means many practices end up sharing login credentials among team members. While this isn't an ideal practice, the lack of options for multiple accounts often forces this situation. If any of the websites you use permit multiple user accounts for your practice, take advantage of that feature and assign each employee who needs access their own unique username and password.
When an employee who had access to these platforms leaves, changing the account passwords is imperative. If that employee was the primary contact for a particular account, you will need to update the account information, including the contact name, email address, and any multi-factor authentication settings related to access management. If the website does allow multiple user accounts for your practice, simply deactivate the account tied to the former employee.
If you haven't implemented these steps regularly in the past, now is the opportune time to update all passwords for these sites, verify your practice's contact information, and ensure that the listed contact person is still correct.
For more information about HIPAA compliance, please contact TLD Systems at (631) 403 6687.
