1 vote
An employee accesses PHI on a computer system that does not relate to her job functions. Identify the security mechanism that should have been implemented to minimize this security breach.

A. Role-based access controls
B. Encryption controls
C. Authentication controls
D. Audit controls

by User Hdiz (7.6k points)

1 Answer

2 votes

Final answer:

To prevent unauthorized access to PHI, Role-based access controls (RBAC) should be implemented, ensuring that employees have access only to data necessary for their specific roles.

Step-by-step explanation:

An employee accessed PHI on a computer system that did not relate to their job functions. The security mechanism that should have been implemented to minimize this security breach is Role-based access controls (RBAC). Role-based access controls ensure that access to sensitive information such as PHI is granted based on the employee's role within the organization. Employees are given access only to the information that is necessary for them to perform their job functions. This principle is part of the concept known as least privilege, which is critical to securing information systems.

by User Jarrodwhitley (6.5k points)
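The role check described in the answer above, as an added example that is not part of the original question or answer: a deny-by-default RBAC lookup in Python in which a billing clerk's request for clinical notes is refused and recorded. The role names, resource names and users are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role catalogue: each role lists only the (resource, action)
# pairs its job function needs. All names here are hypothetical.
ROLE_PERMISSIONS = {
    "billing_clerk": {("billing_record", "read"), ("billing_record", "update")},
    "nurse": {("clinical_note", "read"), ("clinical_note", "update")},
    "receptionist": {("appointment", "read"), ("appointment", "update")},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass(frozen=True)
class Decision:
    user: str
    resource: str
    action: str
    allowed: bool
    granted_by: Optional[str]  # role that granted access, None when denied

def authorize(user, resource, action, log):
    """Deny by default: allow only if one of the user's roles grants the pair."""
    granted_by = None
    for role in sorted(user.roles):
        # A role missing from the catalogue grants nothing.
        if (resource, action) in ROLE_PERMISSIONS.get(role, set()):
            granted_by = role
            break
    decision = Decision(user.name, resource, action, granted_by is not None, granted_by)
    log.append(decision)  # every decision, allowed or denied, is recorded
    return decision

def denied_attempts(log):
    """Requests that fell outside the requester's roles."""
    return [d for d in log if not d.allowed]

if __name__ == "__main__":
    log = []
    clerk = User("clerk_a", frozenset({"billing_clerk"}))
    nurse = User("nurse_b", frozenset({"nurse", "retired_role"}))
    for user, res, act in [(clerk, "billing_record", "read"),
                           (clerk, "clinical_note", "read"),
                           (nurse, "clinical_note", "update"),
                           (nurse, "billing_record", "read")]:
        print(authorize(user, res, act, log))
    print(len(denied_attempts(log)), "denied")
```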