Facility Access Controls III

The next Facility Access Control task is also addressable. Access Control and Validation Procedures require agencies implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.

This task can cover a lot of ground. First, how do you handle visitors? If you are a small organization it may be through your reception desk. Smaller organizations can manage this task more easily as visitors are easy to spot. Larger organizations may need badges or even escorts to meet this task. Do cleaning people have access to your servers or workstations? Are they specifically not allowed to access these areas? Do you have any internal or outsourced software development? What controls do you need to prevent these users from accessing protected EPHI?