Controlling User Access for HIPAA

Meting out access to IT resources is a directory service’s main goal, and that goal is especially relevant to HIPAA compliance. Under the HIPAA Security Rule, compliant enterprises are required to have a strong identity and access management (IAM) base. Ensuring that the right employees are accessing the right information and resources promotes overall privacy and security. With health insurance information, nothing is more important than controlling user access for HIPAA compliance.

What is HIPAA Compliance?

Per HIPAA Technical Safeguards 164.312, a compliant organization must “implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.” This concept boils down to IAM. You wouldn’t want Finance to have access to Engineering’s software, nor would you want Marketing to be able to open Finance’s spreadsheets. This is especially pertinent with electronic protected health information (ePHI), as it often contains sensitive material, including health history, social security numbers, and other key facets of a person’s identity.

Using IAM increases an organization’s overall information and identity security, a key factor in HIPAA compliance. The root approach to using IAM for HIPAA compliance is controlling user access. By managing the permissions of user identities, IT admins can ensure that only the correct individuals can access the sensitive ePHI that falls under the HIPAA umbrella.

Directory Services for Security

Because of this, maintaining a strong directory of users is crucial to security and HIPAA compliance. In IT’s early days, Microsoft® Active Directory® (MAD or AD) made HIPAA compliance a fairly simple task. Due to Microsoft’s dominance of the IT resources scene, AD had an easy time creating a unified user identity.

As IT started to shift to the cloud, however, identities in AD began to falter. Employees started to leverage web-based applications and resources, and even to use newer systems like Mac® and Linux®. AD couldn’t keep up with IT’s evolution by itself, and it required a slew of other SaaS solutions, like SSO tools and identity bridges, to try to tie user identities together.

Cloud Directories: The

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
