MUSC Policy MUSC-xx: Information Security - Person or Entity Authentication

MUSC Policy MUSC-xx: Information Security - Person or Entity Authentication

Definitions:

Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.

Policy:

If an MUSC System is used to house protected information, then the designated Owner of the System is responsible for ensuring that the System's procedures for authenticating a person or entity seeking access to protected information are sufficient to meet all legal, ethical and business requirements.

Whenever possible, MUSC Systems should authenticate their users through a centralized, standards-based authentication service. Proprietary, System-specific authentication procedures that require users to remember a separate password or access code, or to be issued separate access tokens, are strongly discouraged. See the "MUSC User Authentication Standards" document [link] for more information.

Sanctions:

Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.

See Also:

MUSC Policy MUSC-xx: Information Security

MUSC Policy MUSC-xx: Information Security - Access Control

MUSC User Authentication Standards

References:

HIPAA Security 164.312(d) Standard: Person or entity authentication

HIPAA Security 164.312(a)(1) Standard: Access control

$Id: authentication.html,v 1.1 2004/10/25 13:59:17 gadsden Exp $