What is a named user account?
A named user account is one that identifies the specific individual, by name, who will be accessing the Dynamics Incident Reporting system. The user account must be associated to an email address that identifies the user by name.
Why does every Dynamics user (incident reporter) need a named user account?
The new Dynamics Incident Reporting application is designed to include resident identifiers (name, DOB in Incident Reports) and health status (e.g. residence in a Special Care Unit, prescribed medications), therefore we have certain responsibilities as administrators of a system that holds that Personal Information (PI) and Protected Health Information (PHI). For more information, see HIPAA (the federal Health Insurance Portability and Accountability Act of 1996) and FIPA (Fair Information Practices Act, M.G.L. Chapter 66A).
Our policy is that each user must review and accept their responsibilities as users of the system that holds PI and PHI. Our system will maintain audit trails that provide records of the specific individuals who access particular records, which are important in case of an information breach.
Why can't we just use, for example, an email address such as resident.care.director@main-street-assisted-living.com?
The user account's email address is used for password resets and may be used to gain access to the Dynamics system and related PI/PHI. A role-based email address would breach administrative security: our system's audit records would not contain information about the individual accessing Protected Information in the Dynamics system.