What do Michael Jackson, George Clooney, U.S. Representative Gabrielle Giffords and Nadya “Octomom” Suleman have in common? Each of these celebrities had their medical records breached by non-authorized healthcare personnel. Since the enforcement of HIPAA in 1996, there have been numerous medical record-breach violations that resulted in fines, firings, suspensions, and even prison sentences. While EHRs have varying degrees of record access and audit features, there is a need to continue to protect the privacy and security of all medical records, both current and legacy, including those of high-profile patients. Role-based access controls (RBAC) allow health information managers to establish, control, and track record access so that – when needed – users can legitimately gain access to a restricted patient record. Some of the most important RBAC benefits to a healthcare organization include: The simplification of access definitions, auditing, and administration of user security access rights. The assignment of role versus user-based access. This means that the delegation of access rights doesn’t occur at the discretion of any user, including the security administrator. Instead, roles are clearly defined and imposed, without exception. The minimization of intentional or inadvertent viewing, deletion, or modification of files. The ability to push out updates by roles – which apply to multiple users – instead of updating privileges for every user on an individual basis. We know that access to, and protection of, ePHI across the entire lifecycle of the medical record is a priority, especially concerning more classified patients. As such, our HealthData Archiver™ solution has numerous features to manage, audit and protect legacy health records. This includes a specific role-based feature targeting the safety of highly confidential medical records – Break the Glass. With the ability to assign patient records as Classified (employees, patient requests, domestic abuse, behavioral health), or Highly Classified (celebrities, government officials, athletes), even legacy ePHI stored in an active archive has an added layer of security and tracking. Break the Glass provides: A Client Administrator option to add a Gatekeeper who is responsible for managing Care Team Member access for Highly Classified patients. Extra security measures, including explicit auditing of user authentication, authorization, and data level access. End user access to privileged patient information only when necessary or in the event of an emergency, requiring that a reason to access the patient record be indicated. Cybersecurity today requires a comprehensive safety plan for ePHI that includes fortifying records from external as well as internal threats. Harmony Healthcare IT can help mitigate your risk. HealthData Archiver™ consolidates data stores, reduces out-of-production system maintenance costs, and complies with record retention mandates. But most of all, our archiving solution provides increased security from both external cyberattacks and internal threats, protecting your organization and your patients. Looking for increased security in your legacy data management strategy? We’re leading the way and ready to help.