Access Control

List of Health Insurance Portability and Accountability Act (HIPAA) Access Control Policy:
1. Internal network resources, so these resources can all be grouped together.
If a specific resource such as a file share or database requires additional authentication, then this takes place when a user accesses the resource. The only exception to this policy of grouping all resources is a set of HR applications that only a small set of external users is authorized to access. Note that these users may not access the other internal resources that other users can access.

2. List the groups or users.
Most users are in one main group that has network connectivity to all internal resources. A smaller group is composed of external users that have access to the set of HR applications mentioned in the previous step.

3. List the conditions under which the resources should be accessible by the groups.
There are several conditions for accessing resources: