HIPAA Technical Safeguard section §164.312 requires an assigned, unique name and/or number for identifying and tracking a user’s identity. Two-factor authentication is a means of protecting the systems and Electronic Personal Health Information (ePHI) from unauthorized access. By requiring users to verify their identity with what they know (their username and password) and what they have (typically a token), another layer of protection is added to ensure system and data security.
- Enhanced security
- Token Utilization
- Minimal email utilization
- No additional costs
Two Factor Authentication (2FA), commonly referred to as Multi-factor Authentication, is the process of using multiple forms of authentication to verify an individual’s identity during the logon sequence. HIPAA Vault uses Two Factor Authentication to ensure that only authorized users are able to access sensitive data and information, by requiring users to prove what they know and what they own through the use of digital security tokens that can’t be lost or stolen.
HIPAA Vault uses unique usernames and passwords, along with hardware signatures from the user’s individual device, to allow only authorized access to secure data stored within the system. In order to ensure data security and integrity, only approved devices are able to access system resources and information.
What makes the token system unique is that the token isn’t something that the user knows or has stored somewhere. Instead, the token is generated on the fly and lasts only long enough to type into the password field. The token then disappears. So even if a laptop or smartphone is lost, the person who finds it cannot gain access to the two factor system.
Protecting sensitive data such as PHI or PCI data requires careful planning to ensure the data is protected from intruders. The best way to protect the data is to ensure that the minimum access is granted over a secure line.
To ensure maximum security, the network is designed to minimize public access. Ports are opened to the public only if absolutely necessary. Public ports such as HTTP are then protected by a Web Application Firewall (WAF) that watches the HTTP traffic and blocks any suspicious activity.
Traditional tokens are hardware-based, such as USB or RSA key chain fobs. These hardware-based tools are effective, but are expensive and can be lost. HIPAA Vault employs digital security tokens that can’t be lost or stolen. Digital two factor authentication has the advantage of being less expensive than the hardware ones and just as secure.
Establishing what an individual knows and what an individual owns is done as part of the HIPAA Vault red carpet onboarding process. Authorized users are walked through the process of logging in for the first time, and then their individual device is approved by our system administrators. By doing this, HIPAA Vault is able to establish the part of the authentication that rests on what the customer owns. Then, through unique usernames and passwords, the second factor of authentication is verified.