NaviNet is not like general public websites (think Amazon or eBay) where anyone can just sign up. NaviNet accesses patient-specific information from health plans, and we are all obligated under HIPAA to protect this information. NaviNet users must have a legitimate reason to access this information. So NaviNet verifies that each office is a legitimate provider and then delegates to each office the authority to set up their own users. The Security Officer is the individual who has this authority.