The new HIPAA regulations have hit this small hospital with a vengeance, and it falls to the IT manager pilot fish to develop the necessary policies and protocols to stay compliant on the IT end.
"Among the many policies I had to develop in order to satisfy onerous government regulations was a computer access authorization policy," says fish. "It requires a department head to fill out an access modification form for any additions or changes in an employee's security access.
But I have a question. Why would it take "onerous government regulations" for you to realize that you needed an access authorization policy? Would you otherwise just let anybody see anything, or put the burden of authorization policies on managers with other duties to invent as they go along?