All PlansAdministrativeMedium impact
Manage Your Portal Users and Protect Patient Privacy
EmblemHealth·Provider News
We identified it
Jun 20, 2026
Summary
EmblemHealth requires portal administrators to regularly audit user access, deactivate accounts for departed staff, and ensure users only have minimum necessary access to PHI per HIPAA requirements. Provider accounts are automatically inactivated when they leave the network, but non-provider staff accounts must be manually managed.
Action Required
Immediately: Portal administrators must schedule regular audits of all portal users to ensure compliance with HIPAA's minimum necessary standards. Deactivate portal accounts for any non-provider staff who have left the organization. Verify all current staff are assigned only to the Tax IDs, providers, and roles that match their job requirements. Note that provider accounts are automatically updated when providers leave the network.