Access to this system is restricted to authorized users only. Violators subject to imprisonment and/or fine. Continuing beyond this point certifies your understanding and compliance with all applicable restrictions and regulations.

Authorized users will establish access, management and internal data security controls and processes. Authorized users are responsible for/to:

  1. A signed Business Associates Agreement as the “covered entity” for access to and utilization of the AKAIMS.
  2. At a minimum, one “site administrator role” is designated to function in the administration and management of the Department Approved Provider's respective AKAIMS account.
  3. Establish a provider-level “new user account” process that includes “privilege management”; separation of duties or principle of least privilege to maximize role and role attributes.
  4. Establish a provider-level user access audit and review process for agency staff roles and permissions; review and validate their AKAIMS users in a periodic and timely manner.
  5. Establish a provider-level termination of accounts process.
  6. Report the status of controls in the environment to the DBH/AKAIMS office, as requested.
  7. Conduct periodic security risk analysis.[1] Note: The HHS Office for Civil Rights has issued Guidance on Risk Analysis and, in conjunction with ONC, a security risk assessment tool. Also, ONC offers a set of questions Nationwide Privacy and Security Framework.
  8. Provide ongoing security awareness and training. To safeguard patient health information, your workforce must know how to implement your policies, procedures, and security audits. HIPAA requires you as a covered provider to train your workforce on policies and procedures. Also, your staff must receive formal training on breach notification.