MUSC Policy: Information Security - Person or Entity Authentication

 TITLE: Information Security  ID:
 ORIGINATOR: Information Security Office  DATE: Jan 5, 2005
 REVIEWED: President's Council  DATE: Feb 16, 2005
 APPROVED: Raymond S. Greenberg, MD, PhD  DATE: Feb 16, 2005
 IMPLEMENTATION: Enterprise-wide  DATE: Feb 16, 2005

1. RATIONALE

Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

HIPAA Security: 164.312(d) Standard: Person or entity authentication
HIPAA Security: 164.312(a)(1) Standard: Access control

2. POLICY

If an MUSC System is used to house protected information, then the designated Owner of the System is responsible for ensuring that the System's procedures for authenticating a person or entity seeking access to protected information are sufficient to meet all legal, ethical and business requirements.

3. PROCEDURES

3.1. Definitions

Refer to MUSC Policy: Information Security: Appendix A.

3.2. Authentication Standards

Whenever possible, MUSC Systems should authenticate their users through a centralized, standards-based authentication service. Proprietary, System-specific authentication procedures that require users to remember a separate password or access code, or to be issued separate access tokens, are strongly discouraged. Refer to MUSC Information Security Standards: Identity and Access Management for additional information.

3.3. Sanctions

Refer to MUSC Policy: Information Security: Sanctions.

3.4. See Also

MUSC Policy: Information Security
MUSC Policy: Information Security - Access Control
MUSC Policy: Information Security - Encryption
MUSC Information Security Standards: Identity and Access Management

4. ACCESS

This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.