To find out who your NaviNet Security Officer is, within NaviNet, select Welcome in the upper-right corner of the screen, click Manage My Profile, and then click My Security on the left side of the page. The names of the NaviNet Security Officers for your office are listed at the top of the page.
The NaviNet security officer is your office's primary contact with NaviNet regarding security issues. The security officer also interacts with NaviNet users in your office and with NantHealth Support to ensure that users are getting the most out of NaviNet. NaviNet-enabled offices must have at least one NaviNet security officer, but can have more if necessary.
NaviNet requires at least one NaviNet Security Officer per office. The office management can select the user to take on the NaviNet Security Officer role. This should be a trusted individual, as he or she will be giving other users access to PHI. Typically, NaviNet Security Officers are office supervisors, lead administrators, experienced NaviNet users, or members from IT or the Privacy/Security department.
NaviNet is not like general public websites (think Amazon or eBay) where anyone can just sign up. NaviNet accesses patient-specific information from health plans, and we are all obligated under HIPAA to protect this information. NaviNet users must have a legitimate reason to access this information. So NaviNet verifies that each office is a legitimate provider and then delegates to each office the authority to set up their own users. The Security Officer is the individual who has this authority.
In a recent survey, we asked our current group of NaviNet Security Officers how much time they spend on performing their NaviNet tasks. More than 75% of the survey respondents said they spend 10 minutes per week or less on Security Officer tasks.
NaviNet requires users to change their passwords periodically in accordance with HIPAA security standards.
The following is a brief summary of the NaviNet password lifetime. It is does not attempt to present the NaviNet password policy in its entirety, nor is it a comprehensive listing of all NaviNet user statuses.
Yes, as long as this person uses NaviNet and is willing to serve as the contact person for NaviNet-related to security issues. You may also designate another person to serve as the NaviNet Security Officer who will work with the practice's Security Officer.
The Security Officer Agreement identifies the roles and responsibilities of the NaviNet Security Officer. It is presented online to users who have agreed to be the NaviNet Security Officer for their office. If, after reading the Security Officer Agreement, the users change their minds, they should not accept the agreement. They will not be allowed to sign in to NaviNet and will need to call NaviNet Customer Service at 888-482-8057 to designate another NaviNet Security Officer.
HIPAA Compliance. Designating a Security Officer for NaviNet is one step towards HIPAA compliance for the provider office. This person will be responsible for security issues relating to NaviNet. For example, this includes distributing new user information, which includes adding new users to NaviNet, assisting users with password-related issues, and terminating users who have left your office.
Having a NaviNet Security Officer will help you be HIPAA-compliant. The proposed HIPAA Security and Electronic Signature Standards Regulation requires that covered entities (such as payers, providers, and clearinghouses) designate a Security Officer who is responsible for overseeing information security (including physical security as it relates to limiting inappropriate access to IT) within the covered entity. The NaviNet Security Officer will be responsible for ensuring that NaviNet is secure from inappropriate user access.