PHI Access Consent Acknowledgement

Overview​

This release introduces the PHI Access Consent Acknowledgement experience in OmegaAI, designed to strengthen privacy, compliance, and auditability across the platform. All non-federated users, including local users and social Identity Provider (IDP) users, are now required to explicitly acknowledge a mandatory compliance disclaimer before accessing any Protected Health Information (PHI) within OmegaAI.

How to Acknowledge the Disclaimer​

What’s New​

1. Mandatory PHI Access Disclaimer on Login​

What changed:​

Upon login, all non-federated users (local and social IDP users) will now be presented with a full-screen Protected Health Information (PHI) Access and Use Disclaimer. The disclaimer must be acknowledged before any PHI or application functionality becomes accessible.

Benefit:​

Ensures that every user explicitly confirms their authorization and legal basis to access PHI, supporting HIPAA and HITECH compliance obligations while reducing the risk of unauthorized PHI exposure.

What changed:​

When a user selects Agree, their consent is securely captured via an API call and stored in the backend (EXT.JSON structure). Each consent event is logged with the user action (Agree/Disagree), timestamp, geographic location, and time zone.

Benefit:​

Provides a complete, tamper-evident audit trail for both acceptance and rejection events, supporting regulatory audits and internal compliance investigations.

3. Access Control Enforcement​

What changed:​

PHI access and all application functionalities are fully blocked until the user provides a recorded response to the disclaimer. The disclaimer cannot be dismissed, bypassed, or closed without consequence. If the window is closed without a response, the disclaimer will reappear on the next login.

Benefit:​

Guarantees that no user can access PHI without explicit prior consent, eliminating any possibility of accidental or unauthorized access at the point of authentication.

4. Disagree Flow – Immediate Logout and PHI Block​

What changed:​

If a user selects Disagree, they are immediately logged out and redirected to the login screen. No consent data is written, and PHI access remains blocked.

Benefit:​

Preserves the integrity of the consent process and ensures that users who do not agree to the disclaimer are prevented from interacting with any PHI-sensitive workflows.

5. Multi-Language Support​

What changed:​

The PHI Access and Use Disclaimer is available across all supported OmegaAI language translations.

Benefit:​

Ensures that all users, regardless of their preferred language, can clearly understand the compliance requirements before accessing PHI.

Important Notes​

  • Applies only to non-federated users (local users and social IDP users). Federated users authenticated via external enterprise identity providers are not affected.
  • PHI access and all application functionalities are fully blocked until consent is recorded; there is no workaround.
  • The disclaimer cannot be bypassed, dismissed, or skipped. Closing the window without responding will cause it to reappear on the next login.
  • Once a user accepts the disclaimer, it will not appear again for that user.
  • A full audit trail is captured for both acceptance and rejection events, including timestamp, user location, and time zone.
  • The disclaimer is compliant with HIPAA, HITECH, and applicable state or regional privacy laws and is available in all supported OmegaAI language translations.

Where to Find It​

The PHI Access and Use Disclaimer is automatically presented during the login flow. No manual navigation is required.

Login Page → PHI Access and Use Disclaimer (auto-triggered post-authentication)

Updated Help Articles​

Login Process and MFA – Login Process and MFA | OmegaAI User Guide