11
WHAT EVERY PHYSICIAN NEEDS TO KNOW: AUTHENTICATION BEST PRACTICES

Authentication Best Practices

Embed Size (px)

Citation preview

Page 1: Authentication Best Practices

What every physician needs to knoW:

authentication best practices

Page 2: Authentication Best Practices

1 What is authentication?

• Authenticationisaprocessthattypicallyusesloginpasswordsorpassphrasestoconfirmtheidentityofapersonorentityseekingaccesstoinformationkeptonpublicorprivatenetworks,medicaldevices,servers,andsoftwareapplications.

Page 3: Authentication Best Practices

2 hiPaa requires authentication

• ThePersonorEntityAuthenticationstandardoftheHIPAASecurityRulerequiresauthenticationproceduresforanypersonorentityseekingaccesstoelectronicprotectedhealthinformation(ePHI).

Page 4: Authentication Best Practices

3 authentication requirements

• Conductanenterprise-wideriskanalysisthatidentifies:• weaknessesofcurrentauthenticationmethods;• potentialthreatsthatcanexploittheweaknesses;• thelikelihoodofabreachoccurring;and• howeachtypeofbreachcanaffectyourbusiness.

Page 5: Authentication Best Practices

authentication requirements4

• Thisprocesshelpsentitiesdetermineiftheyshould:• mitigatetheriskwithaparticulartypeofauthentication;

• keeptheircurrentauthenticationmethodinplace;• transferriskbyoutsourcingauthenticationservicestoabusinessassociate;or

• avoidriskaltogetherbyeliminatingtheprocessassociatedwithit.

Page 6: Authentication Best Practices

authentication requirements5

• Basedonpotentialrisks,considerusingaformofauthenticationthatisreasonableandappropriateforthesize,complexity,capability,hardware,andsoftwareusedinyourpractice.

Page 7: Authentication Best Practices

authentication requirements

• Dependingontheresultsoftheriskanalysis,consider:• Single-factorauthentication• Multi-factorauthenication(defined on next slides)

6

Page 8: Authentication Best Practices

single-factor authentication

• Usesoneofthreefactorstoattainauthentication:somethingyouknow,are,orhave.Forexample,apasswordissomethingyouknowandistheonlyfactorthatwouldberequiredtoauthenticateapersonorprogram.Thiswouldbeconsideredasingle-factorauthentication.

7

Page 9: Authentication Best Practices

8• Usestwoormorefactorstoachieveauthentication.Forinstance,aprivatekeyonasmartcardthatisactivatedbyaperson’sfingerprintisconsideredamulti-factortoken.Thesmartcardissomethingyouhave,andsomethingyouare(thefingerprint)isnecessarytoactivatethetoken(privatekey).

multi-factor authentication

Page 10: Authentication Best Practices

9 sources

• CornellUniversityLawSchoolLegalInformationInstitute.45CFR164.308AdministrativeSafeguards.Availableathttps://www.law.cornell.edu/cfr/text/45/164.308

• U.S.DepartmentofHealthandHumanServicesOfficeforCivilRights.Whattypeofauthenticationisrightforyou?CyberAwarenessNewsletter.October2016.Avail-ableathttp://www.hhs.gov/sites/default/files/novem-ber-2016-cyber-newsletter.pdf

Page 11: Authentication Best Practices

Protection for a neW era of

medicineabout tmlt:Withmorethan19,000healthcareprofessionalsinitscare,TexasMedicalLiabilityTrust(TMLT)providesmalpracticeinsuranceandrelatedproductstophysicians.Ourpurposeistomakeapositiveimpactonthequalityofhealthcareforpatientsbyeducating,protecting,anddefendingphysicians.www.tmlt.org

10Find us on:

www.tmlt.org
www.tmlt.org
http://www.tmlt.org/tmlt/
https://plus.google.com/+TmltOrg
https://www.facebook.com/TexasMedicalLiabilityTrust
https://www.linkedin.com/company/tmlt
https://twitter.com/TMLT_TMIC

SAS3720-2016 Tips and Best Practices for …...1 SAS3720-2016 Tips and Best Practices for Configuring Integrated Windows Authentication Mike Roda, SAS Institute Inc., Cary, NC ABSTRACT

SAS3720-2016 Tips and Best Practices for …...1 SAS3720-2016 Tips and Best Practices for Configuring Integrated Windows Authentication Mike Roda, SAS Institute Inc., Cary, NC ABSTRACT

Documents
2015 Fat Loss Best Practices...2015 Fat Loss Best Practices 2015 Fat Loss Best Practices 2015 Fat Loss Best Practices Sprint Intervals

2015 Fat Loss Best Practices...2015 Fat Loss Best Practices 2015 Fat Loss Best Practices 2015 Fat Loss Best Practices Sprint Intervals

Documents
Best Practice Manual for Digital Image Authentication

Best Practice Manual for Digital Image Authentication

Documents
Authentication, Identification, and the Best Evidence Rule

Authentication, Identification, and the Best Evidence Rule

Documents
AGTA Presentation Best Practices. SuperShuttle Tampa Best Practices

AGTA Presentation Best Practices. SuperShuttle Tampa Best Practices

Documents
Digital Transformation – Is Your Network Ready · Windows Domain Architecture Active Directory Authentication Best Practices FactoryTalk Security Integration into Windows Domain

Digital Transformation – Is Your Network Ready · Windows Domain Architecture Active Directory Authentication Best Practices FactoryTalk Security Integration into Windows Domain

Documents
Medically Endorsed Store Training - Home :: … · System uses industry standard security best practices. Other safety features: ... Authentication (KBA) SAW verifies your identity

Medically Endorsed Store Training - Home :: … · System uses industry standard security best practices. Other safety features: ... Authentication (KBA) SAW verifies your identity

Documents
Best Practices Best Practices for Reducing Your Attack Surfacelp.skyboxsecurity.com/rs/...Best-Practices-Reduce-Attack-Surface-W… · Best Practices for Reducing Your Attack Surface

Best Practices Best Practices for Reducing Your Attack Surfacelp.skyboxsecurity.com/rs/...Best-Practices-Reduce-Attack-Surface-W… · Best Practices for Reducing Your Attack Surface

Documents
Cisco on Cisco Best Practices Cisco Remote Access Design ... · Cisco IT Best Practices ... existing corporate IT network management infrastructure, including the authentication,

Cisco on Cisco Best Practices Cisco Remote Access Design ... · Cisco IT Best Practices ... existing corporate IT network management infrastructure, including the authentication,

Documents
“Substantive Best Practices” Best Practices in Trial ...media.dsba.org/PreAdmitMaterials/28-Best Practices-Trial Practice...“Substantive Best Practices” Best Practices in Trial

“Substantive Best Practices” Best Practices in Trial ...media.dsba.org/PreAdmitMaterials/28-Best Practices-Trial Practice...“Substantive Best Practices” Best Practices in Trial

Documents
Chapter 9 Simple Authentication Protocols Simple Security Protocol Authentication Protocols Authentication and TCP Zero Knowledge Proofs The best Authentication

Chapter 9 Simple Authentication Protocols Simple Security Protocol Authentication Protocols Authentication and TCP Zero Knowledge Proofs The best Authentication

Documents
Mastercard® Authentication Best Practices...2019/06/21  · 5 Mastercard Authentication Best Practices v1.5 decline SCA is required. This will inform the merchant to perform another

Mastercard® Authentication Best Practices...2019/06/21  · 5 Mastercard Authentication Best Practices v1.5 decline SCA is required. This will inform the merchant to perform another

Documents
Best Practices for the Implementation of Call Authentication ...Best Practices for the Implementation of Call Authentication Frameworks 1 Introduction Fighting illegal robocalls is

Best Practices for the Implementation of Call Authentication ...Best Practices for the Implementation of Call Authentication Frameworks 1 Introduction Fighting illegal robocalls is

Documents
Best practices and use cases for consistent, enterprise ... · PDF fileArcSight Management Center ... Supported System Admin configurations Software • Authentication External •

Best practices and use cases for consistent, enterprise ... · PDF fileArcSight Management Center ... Supported System Admin configurations Software • Authentication External •

Documents
Best Practices for PowerPoint! Welcome! Best Practices for Presentations

Best Practices for PowerPoint! Welcome! Best Practices for Presentations

Documents
Best Practices PaPer Best Practices ON cONFiscatiON Practices on Confiscation... · Best Practices PaPer Best Practices ON cONFiscatiON (RECOMMENDATIONS 4 AND 38) AND A FRAMEWORK

Best Practices PaPer Best Practices ON cONFiscatiON Practices on Confiscation... · Best Practices PaPer Best Practices ON cONFiscatiON (RECOMMENDATIONS 4 AND 38) AND A FRAMEWORK

Documents
Best Practices for Challenge/Response Authentication

Best Practices for Challenge/Response Authentication

Technology
“Substantive Best Practices” Best Practices in Bankruptcy Lawmedia.dsba.org/PreAdmitMaterials/20-Best Practices... · 2016-11-07 · “Substantive Best Practices” Best Practices

“Substantive Best Practices” Best Practices in Bankruptcy Lawmedia.dsba.org/PreAdmitMaterials/20-Best Practices... · 2016-11-07 · “Substantive Best Practices” Best Practices

Documents
1 Best Practices for Voice Authentication Charles R. Jankowski Jr., Ph. D. SpeechTek West 2007 February 21, 2007

1 Best Practices for Voice Authentication Charles R. Jankowski Jr., Ph. D. SpeechTek West 2007 February 21, 2007

Documents
Multi-Factor Authentication: Best Practices for Securing ...€¦ · • Multi-factor authentication or MFA refers to the use of two or more credentials in the authentication of the

Multi-Factor Authentication: Best Practices for Securing ...€¦ · • Multi-factor authentication or MFA refers to the use of two or more credentials in the authentication of the

Documents
“Substantive Best Practices” Best Practices in Consumer …media.dsba.org/PreAdmitMaterials/30-Best Practices-Re… ·  · 2016-11-07“Substantive Best Practices” Best Practices

“Substantive Best Practices” Best Practices in Consumer …media.dsba.org/PreAdmitMaterials/30-Best Practices-Re… ·  · 2016-11-07“Substantive Best Practices” Best Practices

Documents
Authentication Best Practices for 2013cdn.ttgtmedia.com/searchSecurity/downloads/E-Guide_User... · 2013-10-04 · best practices Industry experts Jonathan Hassel and Ajay Kumar take

Authentication Best Practices for 2013cdn.ttgtmedia.com/searchSecurity/downloads/E-Guide_User... · 2013-10-04 · best practices Industry experts Jonathan Hassel and Ajay Kumar take

Documents
Java Best Practices for Developing and - · PDF fileJava Best Practices for developing and deploying • Best Practices for Performance • Best Practices for Security • Best Practices

Java Best Practices for Developing and - · PDF fileJava Best Practices for developing and deploying • Best Practices for Performance • Best Practices for Security • Best Practices

Documents
AFS & Kerberos Best Practices Workshop 2008 Design Goals Functions that require authentication Solution Space Kerberos, GSSAPI or SASL (Decide on your

AFS & Kerberos Best Practices Workshop 2008 Design Goals Functions that require authentication Solution Space Kerberos, GSSAPI or SASL (Decide on your

Documents
Email Deliverability Best Practices Files/Start Inboxing Best Practice… · The Essentials “Stop Guessing. Start Inboxing.” Authentication Check-List • Update DNS with proper

Email Deliverability Best Practices Files/Start Inboxing Best Practice… · The Essentials “Stop Guessing. Start Inboxing.” Authentication Check-List • Update DNS with proper

Documents
Best Practices Guide: Vyatta Firewall - Brocade...Best Practices Guide

Best Practices Guide: Vyatta Firewall - Brocade...Best Practices Guide

Documents
Oracle BPM Web Services Best Practices document BPM Web Services Best Practices document ... Changing the WSDL URL at runtime ... Authentication can be specified.

Oracle BPM Web Services Best Practices document BPM Web Services Best Practices document ... Changing the WSDL URL at runtime ... Authentication can be specified.

Documents
Multi-Factor Authentication: Best Practices for Securing

Multi-Factor Authentication: Best Practices for Securing

Documents
Wire Authentication Best Practices · 2019-12-13 · Wire Authentication Best Practices April 10, 2018 Meredith Piotti, CPA, CIA ... Mule withdraws transferred funds 27. CATO Threats

Wire Authentication Best Practices · 2019-12-13 · Wire Authentication Best Practices April 10, 2018 Meredith Piotti, CPA, CIA ... Mule withdraws transferred funds 27. CATO Threats

Documents
to World+Dog Delivering Javascript - Black Hat Briefings · Managing Secrets. Good- modern password best practices Better - 2FA Best - SAML SSO Enterprise SaaS Authentication. Safely

to World+Dog Delivering Javascript - Black Hat Briefings · Managing Secrets. Good- modern password best practices Better - 2FA Best - SAML SSO Enterprise SaaS Authentication. Safely

Documents