Healthcare organizations must comply with strict HIPAA rules and security measures to reduce risks and vulnerabilities. They must also ensure confidentiality, integrity and availability of all electronic protected health information.
To address HIPAA rules, organizations often adopt the NIST Special Publication guideline, which describes the enforcement of separation of duties (SoD) through assigned access authorizations.
The NIST standard recommends implementing access controls on information systems so that no user has all of the authority needed to perform fraudulent activity, and to help prevent collusion. For example, the person who issues refunds shouldn’t also be the approver of those refunds. This ensures that no malevolent activity goes unnoticed and that corrective remediation measures can be taken.
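The refund example above can be checked in two places: in the access assignments (does anyone hold both authorities?) and in the transaction records (did anyone approve their own refund?). The Python below is an added example, not code from NIST or from this page's author; the entitlement names, users and refund records are constructed for illustration.

```python
from collections import defaultdict

# Constructed SoD rule set: entitlement pairs one user must not hold together.
SOD_RULES = [("refund.issue", "refund.approve")]

# Constructed sample data (hypothetical users and entitlement names).
ASSIGNMENTS = [
    ("alice", "refund.issue"),
    ("bob", "refund.approve"),
    ("carol", "refund.issue"),
    ("carol", "refund.approve"),  # toxic combination
]
REFUNDS = [
    {"id": "R-1", "issued_by": "alice", "approved_by": "bob"},
    {"id": "R-2", "issued_by": "carol", "approved_by": "carol"},  # self-approved
    {"id": "R-3", "issued_by": "alice", "approved_by": None},     # still pending
]

def _norm(identity):
    """Normalize an identity so 'Carol ' and 'carol' compare as the same person."""
    return identity.strip().lower()

def entitlement_conflicts(assignments, rules):
    """Access review: (user, ent_a, ent_b) for each user holding both sides of a rule."""
    held = defaultdict(set)
    for user, entitlement in assignments:
        held[_norm(user)].add(entitlement)
    return sorted(
        (user, a, b)
        for user, ents in held.items()
        for a, b in rules
        if a in ents and b in ents
    )

def self_approved(refunds):
    """Detective check: ids of approved refunds whose issuer is also the approver."""
    return [
        r["id"] for r in refunds
        if r["approved_by"] is not None
        and _norm(r["issued_by"]) == _norm(r["approved_by"])
    ]

def may_approve(refund, approver):
    """Preventive check: deny approval by the identity that issued the refund."""
    return _norm(refund["issued_by"]) != _norm(approver)

if __name__ == "__main__":
    print(entitlement_conflicts(ASSIGNMENTS, SOD_RULES))
    print(self_approved(REFUNDS))
```

The assignment check catches the risk before any refund exists, while the transaction checks catch cases where entitlements were granted through a path the rule set does not model.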
Copyright © 2022 Saviynt Inc. All Rights Reserved.