MUSC Policy MUSC-xx: Information Security - Person or Entity Authentication
Definitions:
- Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.
Policy:
If an MUSC System is used to house protected information, then the designated Owner of the System is responsible for ensuring that the System's procedures for authenticating a person or entity seeking access to protected information are sufficient to meet all legal, ethical and business requirements.
Whenever possible, MUSC Systems should authenticate their users through a centralized, standards-based authentication service. Proprietary, System-specific authentication procedures that require users to remember a separate password or access code, or to be issued separate access tokens, are strongly discouraged. See the "MUSC User Authentication Standards" document [link] for more information.
Sanctions:
- Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.
See Also:
- MUSC Policy MUSC-xx: Information Security
- MUSC Policy MUSC-xx: Information Security - Access Control
- MUSC User Authentication Standards
References:
- HIPAA Security 164.312(d) Standard: Person or entity authentication
- HIPAA Security 164.312(a)(1) Standard: Access control
$Id: authentication.html,v 1.1 2004/10/25 13:59:17 gadsden Exp $