iSchool Capstone

Shared Folder Access Review: Guiding Group Health towards ePHI Security

Project tags:

business & systems analysis

information assurance & cybersecurity

knowledge organization

Project poster

To provide its members with award-winning care, Group Health employees need access to data. This includes electronic Personal Health Information (ePHI) which is distributed throughout the company-wide scheme of network folders. To safeguard ePHI, Group Health administrators have to determine who needs access to this data and at what level. For our Capstone, we joined the Identity and Access Management Department at Group Health, where we led the File Folder Access Review process. During our 5-month engagement, we helped 60 Group Health leaders identify appropriate access among employees to ePHI data. To accomplish this, we conducted gap analysis research, refined existing review structures, and deployed access reviews of 1000+ network folders. Through our project, we ensured effective access to data in compliance with Healthcare Information Portability and Privacy Act (HIPPA) regulations, ultimately decreasing security risks for the entire Cooperative, patients and employees alike.

Project participants:

Julie Sheppard

MLIS

Veslava Ovendale

MSIM