HIPAA Technical Safeguard: Authentication

By Robert McDermott, President & CEO, iCoreConnect

This is the third article of a five-part series that looks at the area of HIPAA law known as the “Technical Safeguards.” The Technical Safeguards are designed to protect electronic Protected Health Information (ePHI) from internal and external risks. Implementation of these safeguards is required by law, and helps you avoid costly fines.

In this brief article, we address the “Authentication” Regulation, §164.312(d).


What is the “Authentication” Standard?

This standard requires a covered entity to verify that people (or entities) seeking access to ePHI are who they say they are in any electronic communication, such as email.

To accomplish “authentication” (verifying user identity), require something:

  1. Known only to the individual, such as a password or PIN
  2. Possessed by the individual, such as a smart card, a token or a key
  3. Unique to the individual, such as a biometric (e.g. fingerprints, voice patterns, facial patterns or iris patterns).
  4. Or you may implement a system that uses the federally-recognized DIRECT protocol. (DIRECT is a set of standards for securely transmitting ePHI.)


How do I know if my system meets the HIPAA Technical Safeguards?

Your safest route is to consult with a vetted provider of HIPAA-compliant email and software. The provider can conduct an assessment of your current system.

When looking for a practice management and HIPAA-compliant email provider, confirm it provides at least two “authentication” methods or uses the DIRECT protocol, as well as meets or exceeds all five HIPAA Technical Safeguards.

All ePHI must meet the standards set by the National Institute of Standards and Technology, regardless of whether the information is in transit or at rest. For more information about “AUTHENTICATION”, call iCoreConnect at 888-810-7706, or visit HHS.gov. iCoreConnect’s HIPAA-compliant email (iCoreExchange) and ONC-certified practice management software EHR (iCoreDental) have been vetted by FDA Crown Savings and utilize the DIRECT protocol for electronic communication of PHI.



PUB NO.3000.025.060518
