The UHealth IT Security team manages access to patient related clinical information stored on the University of Miami’s computer systems. Our organization, along with other healthcare provider organizations, are becoming increasingly reliant on computer based Electronic Health Records. This increased reliance on electronically stored information exposes confidential patient information to new and an ever-changing set of risks. In the past, access to health records was controlled by limiting physical access to the patient’s paper based record, usually distributed across multiple locations based on where and when the patient received service. People, charged with maintaining the paper record, decided who had access based on policy. Access to Electronic Health Records is managed by a complex system of access controls maintained by the UHealth IT Security team.
Every person that is authorized to access confidential patient information has assigned to them a User Identification and access credentials. These credentials control what they can access and what they can contribute to a patient’s Electronic Health Record.
Some of the factors that control access are:
- User role/job e.g. nurse, doctor, clerk, coder, biller, pharmacist, etc.
- Physical location e.g. Sylvester Comprehensive Cancer Center, University of Miami Hospital, Bascom Palmer Eye Institute, etc.
- Organizational department
- Type and level of training
- Specific job responsibilities
The UHealth IT Security team manages this information for about 8,000 active users and keeps historical access records for an additional 5,000 inactive users. Inactive users are those that have left the organization or no longer need to access Electronic Health Records. Inactive users must be maintained for future historical or forensic analysis if needed.
