The history of two-factor authentication in the HIPAA Security Rule


Although the Health Insurance Portability and Accountability Act was created in 1996, it was not always meant to ensure the privacy of electronic health records. Initially HIPAA was created for the privacy of paper health records; before HIPAA there was no security standard in place to protect patient privacy. As time moved forward, technology, and in the last decade recent advances in healthcare industry technology, created the need for a more secure way of handling medical records.

With electronic health records becoming more and more available at cost-effective prices, health care facilities switched to these types of documents. Also, with government regulation mandating electronic health records, the Security Standards for the Protection of Electronic Protected Health Information, known as the “Security Rule,” were created and implemented. This new set of regulations was created to ensure the privacy of patient medical information when stored or transmitted in electronic form.

Two-factor authentication, a process in which two separate authentication factors are used to identify a user, was not originally a required part of the security process stated in the HIPAA Security Rule. Over the years, this form of authentication has become a required part of HIPAA compliance.

Multi-factor authentication was mentioned in October 2003 in a PDF released by the National Institute of Standards and Technology. The document, titled “Guide to Selecting Information Technology Security Products,” stated what authentication was, but did not necessarily require the implementation of this type of security. Of course, since electronic medical records were so new and not used in all facilities, the need for specific authentication was not created or implemented.

Then, in April 2006, a new document was released by NIST called the “Electronic Authentication Guideline,” which stated four levels of security, some of which required a strong authentication process. The use of two-factor authentication was mentioned at level 3, which states the need to require a token. This token could be either a soft/hard token or a one-time password. With more hospitals adopting EHRs, the need for stronger security guidelines arose.

Although there were now regulations stating the requirement for two-factor authentication, they were vague and did not state the need for specific IT security controls. After an audit by the Office of Inspector General found a need for these IT security controls, the old NIST document was revised. The “Electronic Authentication Guideline” drafted in June 2011 is a revision of the publication that more clearly emphasizes the need for specific two-factor authentication, including acceptable types of tokens.

We can see the growing need for security in the healthcare industry. Although compliance regulation was not always necessary, with everything changing and government mandates in place, compliance guidelines have improved. It doesn't seem to be over either: a recent draft from NIST, created in May 2011 and titled “Cloud Computing Recommendations,” talks loosely about multi-factor authentication to access the cloud. It seems that as technology advances and more ways of storing/accessing data are created, the need for regulation arises. This is especially true when healthcare facilities are increasingly accepting and using this new technology.

