
The History of Two Factor Authentication in the HIPAA Security Rule

January 03, 2012

Although the Health Insurance Portability and Accountability Act (HIPAA) was created in 1996, it was not always meant to secure the privacy of electronic health records. Originally, HIPAA was created for paper health record privacy; before HIPAA, there was no security standard in place to protect patient privacy. Technology moves forward with time, and over the past decade advances in healthcare industry technology created a need for a more secure way of handling medical records.

With electronic health records becoming more readily available at cost-efficient rates, healthcare facilities made the move to these types of documents. With government regulation also mandating electronic health records, the Security Standards for the Protection of Electronic Protected Health Information, also known as "the Security Rule," was created and enforced. This new set of regulations was created to ensure the privacy of patient medical information while it is stored or transmitted in electronic form.

Two-factor authentication, a process in which two separate authentication factors are used to identify a user, was not originally a necessary part of the security process stated in the HIPAA Security Rule. Over the years, this form of authentication has grown to be a required piece of compliance for HIPAA.

Multi-factor authentication was mentioned back in October 2003 in a PDF released by the National Institute of Standards and Technology (NIST). The document, titled "Guide to Selecting Information Technology Security Products," stated what authentication was but did not necessarily require the implementation of this type of security. With electronic medical records being so new and not yet used across all facilities, the need for specific authentication had not been created or enforced.

Then, in April 2006, NIST released a new document called "Electronic Authentication Guideline," which stated 4 levels of security, some of which required a strong authentication process. The use of two-factor authentication was mentioned in the 3rd level, which states the need for a token to be required. This token can be either a soft/hard token or a one-time password. With more hospitals accepting EHRs, the need for stronger security guidelines arose.

Although there were now regulations in place that stated the requirement for two-factor authentication, they were unclear and did not state the need for specific IT security controls. After an audit by the Office of Inspector General found the need for these IT security controls, the old NIST document was revised. The "Electronic Authentication Guideline" drafted in June 2011 is a revision of the publication that states more clearly the need for specific two-factor authentication, including acceptable token types.

We can see the increasing need for security in the healthcare industry. Regulating compliance was not always necessary; however, with everything changing and government mandates put in place, compliance guidelines have been improving. It does not seem to be over either: a recent NIST draft created in May 2011, titled "Cloud Computing Recommendations," talks loosely about multi-factor authentication to access the cloud. This goes to show that as technology moves forward and more ways of storing and accessing data are created, the need for regulation arises. This is especially true as healthcare facilities accept and utilize this new technology more and more.

Adam is an IT security professional who provides information about two-factor authentication to help companies obtain stronger remote access security, especially in industries such as healthcare where HIPAA compliance is government regulated.

Source: EzineArticles