SecureAuth IEP
Meets HIPAA/HITECH Requirements

Easily Meet HIPAA/HITECH Regulations for Secure Access with SecureAuth IEP 2-Factor Authentication

The HIPAA Security Rule establishes requirements for guarding Electronic Protected Health Information (ePHI). It essentially requires any organization that creates, stores, or transacts ePHI to safeguard and control all access to the information. Organizations affected by HIPAA include hospitals, physicians’ group practices, insurance carriers, and HMOs. HIPAA presents major challenges to these organizations because, to ensure compliance, they need to secure access to patient records.

HIPAA requires the transmission of health-related information to include adequate encryption, authentication or identification of communication partners, and incorporate an effective password/key management system. Authentication is accomplished over the Internet and means proving who you are, which may involve one or more of the following factors: something you are; something you know; or something you have.

The HIPAA Security Rule requirements have most recently been expanded via the Health Information Technology for Economic and Clinical Health (HITECH) Act, which establishes mandatory federal security breach reporting requirements with expanded criminal and civil penalties for non-compliance. To remain HIPAA compliant, and avoid fines for health non-compliance, strict control over access to patient records must be demonstrated.

Secure, Simple 2-factor Authentication to Meet HIPAA/HITECH Regulations

SecureAuth is an Identity Enforcement Platform (IEP) that secures and simplifies access to every cloud, VPN, and web resource from the office, labs, a nurse’s station, or remotely from mobile devices with integrated Authentication, SSO, and IdM Services. A turnkey solution that exceeds HIPAA/HITECH regulations, SecureAuth is the only tokenless, non-phishable authentication solution for applications that mutually authenticates both the user and the server in an easy-to-deploy manner.

SecureAuth integration to existing applications is easy. For Microsoft web applications, simply turn on Forms Based Authentication and resources are redirected to the SecureAuth server where users are authenticated for applications such as Microsoft SharePoint/MOSS, Outlook Web Access and other ASP.NET applications. Similar target/redirect methodologies exist for J2EE applications and application servers such as IBM’s WebSphere. For cloud-based application authentication and SSO, SecureAuth delivers easily configured SAML options that eliminate the expense and expertise needed to integrate a SAML solution into your directory.

SecureAuth IEP doesn’t require APIs or application modifications. With SecureAuth, an administrator determines the level of authentication and only one set of authentication credentials is needed for authentication and to create a single login experience for all cloud, web and VPN resources. Furthermore, users don’t have to remember separate passwords and administrators aren’t flooded with calls to reset forgotten passwords. And your authentication credentials are securely stored on-premise in Microsoft Active Directory or other industry leading directories. Bottom line, SecureAuth delivers easily configured authentication options that meet or exceed HIPAA/HITECH regulations.

SecureAuth Highlights for HIPAA/HITECH Compliance

  • Protects against disclosure of a patient’s personal health information by ensuring that access to patient records is only granted to authorized end-users and is immediately rescinded when an authorized end-user leaves the healthcare organization.
  • 2-factor authentication options (Certificate, SMS, Telephony, Username/Password) are configurable to map the right level of authentication to meet each organization’s requirements.
  • Turnkey solution delivers an algorithmically proven authentication method that protects Personally Identifiable Information (PII) and other sensitive information from phishing and password attacks.
  • Secure access to applications from tablets and other mobile devices with strong authentication.
  • Easily integrates with SIEM solutions to meet reporting requirements.
  • Built-in SAML functionality eliminates the expense and expertise needed to integrate a SAML SSO solution into your directory.
  • User friendly self-registration and automated certificate distribution reduces administrative overhead and help desk calls.
  • Automatically provision new users from Active Directory or other directories that reside on-premise securely behind your firewall.
  • No APIs or modifications to applications required.
  • Integrates with existing data store so the identity used for authentication is the same that is utilized by the application for processing, permissions and role management.
  • No tokens, data servers or additional infrastructure investment required.
  • Optional SSO can be easily configured to create transparent user access.

SecureAuth 2-factor authentication is one of many functions of the SecureAuth Identity Enforcement Platform which provides Identity Enforcement plus SSO, access and user management services in a single solution.
