Access to this system is restricted to authorized users only. Violators subject to imprisonment and/or fine. Continuing beyond this point certifies your understanding and compliance with all applicable restrictions and regulations.
- Authorized users will establish access, management and internal data security controls and processes. Authorized users are responsible for/to:
- 1. A signed Business Associates Agreement as the “covered entity” for access to and utilization of the AKAIMS.
- 2. At a minimum, one “site administrator role” is designated to function in the administration and management of the Department Approved Provider's respective AKAIMS account.
- 3. Establish a provider-level “new user account” process that includes “privilege management”; separation of duties or principle of least privilege to maximize role and role attributes.
- 4. Establish a provider-level user access audit and review process for agency staff roles and permissions; review and validate their AKAIMS users in a periodic and timely manner.
- 5. Establish a provider-level termination of accounts process.
- 6. Report the status of controls in the environment to the DBH/AKAIMS office, as requested.
- 7. Conduct periodic security risk analysis. Note: The HHS Office for Civil Rights has issued Guidance on Risk Analysis and, in conjunction with ONC, a security risk assessment tool. Also, ONC offers a set of questions Nationwide Privacy and Security Framework.
- 8. Provide ongoing security awareness and training. To safeguard patient health information, your workforce must know how to implement your policies, procedures, and security audits. HIPAA requires you as a covered provider to train your workforce on policies and procedures. Also, your staff must receive formal training on breach notification.