Numerous federal, state and local laws, regulations and rules protect the privacy and security of personal information, particularly, health information. For example, federal laws limit access to health information to treatment, payment and health care operations personnel only to the minimum extent necessary to accomplish the intended purpose. Certain health information is “protected health information” (PHI), such as, name, address and Social Security number, and may not be disclosed to unauthorized personnel. In addition, information about access to protected health information must be logged and stored for significant periods of times, and unauthorized access to protected health information may have to be reported to legal and regulatory authorities.
Information management application programs, such as information management programs used to process health care and pharmaceutical insurance claims, require access to protected personal information, such as protected health information. Such insurance claim information management application programs may be accessed by many different users. Some users will require constant access to protected health information, while others require only infrequent access and still others will need no access to protected health information.
Known systems and methods for controlling access to protected personal information establish and assign user roles and only certain user roles are authorized to access protected health information. Known systems log and store information about all information accessed by such authorized users even though the authorized user may not always need access to protected health information, which increases the cost of compliance with laws regulating access to protected health information. Thus, what is needed is a computer based system and method and computer program product for controlling access to protected personal information and that minimizes the amount of protected personal information that must be logged and stored for legal or other reasons.