Confirm unique user accounts are used

Needs Work

Verify that every workforce member who can reach patient information signs in with an individual account, not a shared login.

Complete

Evidence is in place and no active risks remain.

Needs Work

Track active risk and follow-up plan.

Selected

Not Applicable

Document why this action does not apply.

Evidence

Collected

Confirmation note: confirming

May 27, 2026, 11:59 AM

Risks

Critical Shared or generic login is still in use: One or more workforce members may be using a shared account, making activity harder to trace and access harder to remove when roles change.

Plan: Replace routine shared use with named accounts and document any temporary exception.

1. Evidence should support the specific Action

Evidence can be a note, link, or allowed attachment. Suggested evidence appears inside the Add evidence modal, so users get a helpful starting point without cluttering the evidence table.

Avoid uploading PHI. HIPAAList treats organization attachments as sensitive and checks files before evidence can be stored.

2. Active risks keep the Action in Needs Work

When a gap remains, add an Action risk with likelihood, impact, and a follow-up plan. Adding an active risk saves the Action as Needs Work so the next step stays visible.

Resolved risks move into evidence/history rather than staying in the active Risks table. That keeps current work focused while preserving useful history for SRA and export review.