AGTA Presentation Best Practices. SuperShuttle Tampa Best Practices.
Authentication Best Practices
-
Upload
texas-medical-liability-trust -
Category
Healthcare
-
view
139 -
download
0
Transcript of Authentication Best Practices
![Page 1: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/1.jpg)
What every physician needs to knoW:
authentication best practices
![Page 2: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/2.jpg)
1 What is authentication?
• Authenticationisaprocessthattypicallyusesloginpasswordsorpassphrasestoconfirmtheidentityofapersonorentityseekingaccesstoinformationkeptonpublicorprivatenetworks,medicaldevices,servers,andsoftwareapplications.
![Page 3: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/3.jpg)
2 hiPaa requires authentication
• ThePersonorEntityAuthenticationstandardoftheHIPAASecurityRulerequiresauthenticationproceduresforanypersonorentityseekingaccesstoelectronicprotectedhealthinformation(ePHI).
![Page 4: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/4.jpg)
3 authentication requirements
• Conductanenterprise-wideriskanalysisthatidentifies:• weaknessesofcurrentauthenticationmethods;• potentialthreatsthatcanexploittheweaknesses;• thelikelihoodofabreachoccurring;and• howeachtypeofbreachcanaffectyourbusiness.
![Page 5: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/5.jpg)
authentication requirements4
• Thisprocesshelpsentitiesdetermineiftheyshould:• mitigatetheriskwithaparticulartypeofauthentication;
• keeptheircurrentauthenticationmethodinplace;• transferriskbyoutsourcingauthenticationservicestoabusinessassociate;or
• avoidriskaltogetherbyeliminatingtheprocessassociatedwithit.
![Page 6: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/6.jpg)
authentication requirements5
• Basedonpotentialrisks,considerusingaformofauthenticationthatisreasonableandappropriateforthesize,complexity,capability,hardware,andsoftwareusedinyourpractice.
![Page 7: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/7.jpg)
authentication requirements
• Dependingontheresultsoftheriskanalysis,consider:• Single-factorauthentication• Multi-factorauthenication(defined on next slides)
6
![Page 8: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/8.jpg)
single-factor authentication
• Usesoneofthreefactorstoattainauthentication:somethingyouknow,are,orhave.Forexample,apasswordissomethingyouknowandistheonlyfactorthatwouldberequiredtoauthenticateapersonorprogram.Thiswouldbeconsideredasingle-factorauthentication.
7
![Page 9: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/9.jpg)
8• Usestwoormorefactorstoachieveauthentication.Forinstance,aprivatekeyonasmartcardthatisactivatedbyaperson’sfingerprintisconsideredamulti-factortoken.Thesmartcardissomethingyouhave,andsomethingyouare(thefingerprint)isnecessarytoactivatethetoken(privatekey).
multi-factor authentication
![Page 10: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/10.jpg)
9 sources
• CornellUniversityLawSchoolLegalInformationInstitute.45CFR164.308AdministrativeSafeguards.Availableathttps://www.law.cornell.edu/cfr/text/45/164.308
• U.S.DepartmentofHealthandHumanServicesOfficeforCivilRights.Whattypeofauthenticationisrightforyou?CyberAwarenessNewsletter.October2016.Avail-ableathttp://www.hhs.gov/sites/default/files/novem-ber-2016-cyber-newsletter.pdf
![Page 11: Authentication Best Practices](https://reader036.fdocuments.net/reader036/viewer/2022092623/58731c6c1a28ab673e8b66c7/html5/thumbnails/11.jpg)
Protection for a neW era of
medicineabout tmlt:Withmorethan19,000healthcareprofessionalsinitscare,TexasMedicalLiabilityTrust(TMLT)providesmalpracticeinsuranceandrelatedproductstophysicians.Ourpurposeistomakeapositiveimpactonthequalityofhealthcareforpatientsbyeducating,protecting,anddefendingphysicians.www.tmlt.org
10Find us on: