What every physician needs to know:
Authentication best practices
1 What is authentication?
• Authentication is a process that typically uses login passwords or passphrases to confirm the identity of a person or entity seeking access to information kept on public or private networks, medical devices, servers, and software applications.
2 HIPAA requires authentication
• The Person or Entity Authentication standard of the HIPAA Security Rule requires authentication procedures for any person or entity seeking access to electronic protected health information (ePHI).
3 Authentication requirements
• Conduct an enterprise-wide risk analysis that identifies:
  • weaknesses of current authentication methods;
  • potential threats that can exploit the weaknesses;
  • the likelihood of a breach occurring; and
  • how each type of breach can affect your business.
4 Authentication requirements
• This process helps entities determine if they should:
  • mitigate the risk with a particular type of authentication;
  • keep their current authentication method in place;
  • transfer risk by outsourcing authentication services to a business associate; or
  • avoid risk altogether by eliminating the process associated with it.
5 Authentication requirements
• Based on potential risks, consider using a form of authentication that is reasonable and appropriate for the size, complexity, capability, hardware, and software used in your practice.
6 Authentication requirements
• Depending on the results of the risk analysis, consider:
  • Single-factor authentication
  • Multi-factor authentication (defined on next slides)
7 Single-factor authentication
• Uses one of three factors to attain authentication: something you know, are, or have. For example, a password is something you know and is the only factor that would be required to authenticate a person or program. This would be considered a single-factor authentication.
8 Multi-factor authentication
• Uses two or more factors to achieve authentication. For instance, a private key on a smart card that is activated by a person’s fingerprint is considered a multi-factor token. The smart card is something you have, and something you are (the fingerprint) is necessary to activate the token (private key).
9 Sources
• Cornell University Law School Legal Information Institute. 45 CFR 164.308 Administrative Safeguards. Available at https://www.law.cornell.edu/cfr/text/45/164.308
• U.S. Department of Health and Human Services Office for Civil Rights. What type of authentication is right for you? Cyber Awareness Newsletter. October 2016. Available at http://www.hhs.gov/sites/default/files/november-2016-cyber-newsletter.pdf
Protection for a new era of medicine
About TMLT: With more than 19,000 health care professionals in its care, Texas Medical Liability Trust (TMLT) provides malpractice insurance and related products to physicians. Our purpose is to make a positive impact on the quality of health care for patients by educating, protecting, and defending physicians. www.tmlt.org