HIPAA Security and Role Based Access Control (RBAC) As more mission critical applications move on-line, covered entities are challenged to only provide access based on the user's function within the organization. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules require controlling access to information based on the user's role within the organization. Access control is one of the three key security technology challenges facing organizations. The other two being authentication and security administration. The focus of this document is on access control, and in particular, the application of Role Based Access Control (RBAC) to meet the requirements of the final HIPAA Security Rule. Topics addressed include: the HIPAA Privacy Rule and Access Control, HIPAA Security Rule and Access Control, the Minimum Necessary Standard, Information Access Management, Types of Access Control, RBAC Solution Requirements, and Getting Started with RBAC. The other titles that can be useful are: HIPAA Security Rule: Administrative Requirements HIPAA Security and Risk Analysis Seven Steps to HIPAA Security Compliance HIPAA Security & Contingency Planning HIPAA Security & Authentication Creator of the first program on HIPAA skills certification and author of the #1 book on HIPAA, Getting Started with HIPAA, Uday O. Ali Pabrai is a highly sought after HIPAA consultant, Security expert and an exceptional speaker. Mr. Pabrai's clients have included Blue Cross Blue Shield Affiliates, several state and county governments, Wells Fargo, U.S. Defense Intelligence Agency, U.S. Naval Surface Warfare Center, Florida Department of Law Enforcement, Marsh and many others. Mr. Pabrai has delivered keynote and other sessions at numerous conferences worldwide including the National Council for Prescription Drug Programs (NCPDP) National HIPAA summit, COMDEX, COMNET & DCI's Internet Expo.