
Health Insurance Portability and Accountability Act (HIPAA)

The Administrative Simplification (AS) provisions of Title II of HIPAA require that national standards for electronic health care transactions be established. The Administrative Simplification provisions also address the security and privacy of health data.

The Role of User Authentication in HIPAA Compliance

The Technical Safeguards section requires covered entities to control access to computer systems and to protect communications containing Electronic Protected Health Information (EPHI) transmitted electronically over open networks (i.e. remote access) from being intercepted by anyone other than the intended recipient.

Accessing Electronic Protected Health Information (EPHI)
Covered entities must develop and implement policies and procedures for authorizing EPHI access in accordance with the HIPAA Security Rule at §164.308(a)(4) and the HIPAA Privacy Rule at §164.508. It is important that only those workforce members who have been trained and have proper authorization are granted access to EPHI.

Risks: Log-on/password information is lost or stolen, resulting in potential unauthorized or improper access to or inappropriate viewing or modification of EPHI.

Possible Risk Management Strategies: Implement two-factor authentication for granting remote access to systems that contain EPHI. This process requires factors beyond general usernames and passwords to gain access to systems (e.g., requiring users to answer a security question such as “Favorite Pet’s Name”).

It is generally recognized that strong authentication is required for remote access to systems and networks containing health data. PhoneFactor is easy for IT departments to deploy and easy for health care professionals to use, so it can be quick and cost-effective to set up and maintain.

PhoneFactor Offers Rapid, Cost Effective Compliance with HIPAA
With PhoneFactor, there are no devices, software, or certificates to deploy and maintain – it works with the user’s existing phone (landline or mobile). Users require very little training and almost no ongoing support – making PhoneFactor significantly less expensive to set up and maintain than other two-factor solutions.

PhoneFactor offers instant integration with all leading business systems and synchronizes with AD and LDAP Servers for centralized user management. Easy, automated self-service options are available through the phone and web, which helps to expedite deployment and minimize overhead.

PhoneFactor is trusted by leading healthcare organizations like OhioHealth, MetroHealth, Nationwide Children’s Hospital Research Institute, SUNY Upstate Medical University, and Firelands Regional Medical Center to meet HIPAA and other industry regulatory requirements for two-factor authentication.