2.2 Identity & Access Controls
P-CIS is equipped with both role-based access controls and user-level access to records. Identity and access management are important to avoid unauthorized access to sensitive ePHI data. Opeeka P-CIS uses Azure AD to secure access to data hosted in the P-CIS application. Permissions are managed at the platform level to prevent unauthorized access to the Azure portal where the application is hosted. External users' access to the application is also implemented using Azure AD B2C to protect against unauthorized access to the P-CIS application.
P-CIS implements multi-factor authentication (MFA) for Azure portal administrators and external application users to enforce two-step authentication before accessing the P-CIS platform.
P-CIS also layers role-based access control (RBAC) at the Azure resource level to ensure that administrators are assigned only the rights necessary to perform activities within their purview. Privileged identity management then helps monitor any administrative activities happening in the Azure environment and flags any changes in access-permission assignments.
Azure AD conditional access is also implemented to ensure that users are signing in from secure networks, approved devices, and approved applications. These additional access control mechanisms will ensure that unauthorized personnel are denied access to sensitive client health information hosted in the application.