SAVIYNT FOR HEALTHCARE - SOD
WORKBENCH

Healthcare organizations must comply with strict HIPAA rules and security measures to reduce risks and vulnerabilities. They must also ensure confidentiality, integrity and availability of all electronic protected health information.

Organizations often adopt the NIST Special Publication guideline to address HIPAA rules, which describes the enforcement of SOD through assigned access authorizations.

The NIST standard recommends implementing access controls on information systems to prevent users from having all of the authority to perform fraudulent activity, to help prevent collusion. For example, the same person that issues refunds shouldn’t be the approver of those refunds. This ensures that no malevolent activity goes unnoticed and corrective remediation measures can be taken.