Enforce proper authentication

Description

To keep data private and secure, it’s important to authenticate users properly so that only those with the requisite credentials can access the accounts.

HIPAA Access Control Requirements: Access control is a standard element of data security. It means that access to electronic protected health information (ePHI) is restricted through a login and authentication method. A login mechanism secures and controls access to information, so that only persons who have been granted the required access rights can log into information systems that contain protected data.

Recommendation

  • Implement electronic mechanisms to verify the identity of any person or entity requesting access to ePHI, before granting access to the ePHI.
  • Use an appropriate authentication method to take reasonable steps to ensure that only properly authenticated workforce members access ePHI.

Standards

  • OWASP_MASVS_L1:
    • MSTG_ARCH_2
  • OWASP_MASVS_L2:
    • MSTG_ARCH_2