HIPAA Technical Safeguard section §164.312 requires an assigned, unique name and/or number for identifying and tracking a user’s identity.
Two Factor Authentication (2FA), commonly referred to as Multi-factor Authentication, is the process of using multiple forms of authentication to verify an individual’s identity during the logon sequence. HIPAA Vault uses Two Factor Authentication to ensure that only authorized users are able to access sensitive data and information.
Users are required to prove what they know and what they own through the use of digital security tokens that can’t be lost or stolen.
HIPAA Vault uses unique usernames and passwords, along with hardware signatures from the user’s individual device, to allow only authorized access to secure data stored within the system. In order to ensure data security and integrity, only approved devices are able to access system resources and information.
What makes the token system unique is that the token isn’t something that the user knows or has stored somewhere. Instead the token is generated on the fly and lasts only long enough to type into the password field. The token then disappears. This way, even if a laptop or smartphone is lost, the user who finds it cannot gain access to the two factor system.
Traditional tokens are hardware–based such as USB or RSA key chain (FOBs). These hardware–based tools are effective, but are expensive and can be lost. HIPAA Vault employs the use of digital security tokens that can’t be lost or stolen.
Digital two factor authentication also has the advantage of being less expensive than the hardware versions and are more secure.
Establishing what an individual knows and what an individual owns is required as part of the HIPAA Vault red carpet onboarding process. Authorized users are walked through the process of logging in for the first time and then their individual device is approved by our system administrators. By doing this HIPAA Vault is able to complete part of the authentication process by establishing what the customer owns. Then through unique usernames and passwords the second factor of authentication is verified.