The following answer has been forwarded from CMS Support Central.

You can view this answer at

http://questions.cms.hhs.gov/cgi-bin/cmshhs.cfg/php/enduser/std_adp.php?p_faqid=4737&p_created=1115242167

Other CMS provided Frequently Asked Questions (FAQ) can be found at http://www.cms.hhs.gov/hipaa/hipaa2/default.asp
Select "Frequently Asked Questions" From "General Information" menu. Regards, Share HIPAA

Summary
---------------------------------------------------------------
Question

Does the Security Rule permit a covered entity to assign the same log-on ID or user ID to multiple employees?

Answer
No. Under the HIPAA Security Rule, covered entities, regardless of their size, are required, under § 164.312(a)(2)(i) to “[a]ssign a unique name and/or number for identifying and tracking user identity.” A “user” is defined in § 164.304 as a “person or entity with authorized access.” Accordingly, the Security Rule requires covered entities to assign a unique name and/or number to each employee or workforce member who uses a system that maintains electronic protected health information (EPHI), so that system access and activity can be identified and tracked by user. This pertains to workforce members within small or large healthcare provider offices, health plans, group health plans, and healthcare clearinghouses.