Description:


The organization has implemented rigorous procedures to verify the identity of individuals or entities seeking access to electronic protected health information (ePHI). This proactive approach aligns with the Health Insurance Portability and Accountability Act (HIPAA) requirements, ensuring that only authorized and authenticated entities gain access to sensitive health information.


Multi-Factor Authentication (MFA):

Utilization of MFA as a robust method to verify the claimed identity, requiring individuals to provide multiple forms of authentication before accessing ePHI.


Identity Proofing Processes:

Implementation of identity proofing processes to validate the identity of users during initial registration or access request, adding an additional layer of verification.


Biometric Authentication:

Incorporation of biometric authentication methods, such as fingerprints or facial recognition, to enhance the accuracy of identity verification.


Secure Credential Management:

Establishment of secure credential management practices to safeguard and authenticate user credentials, preventing unauthorized access.


Priority: High


Category: Identity Verification


Services Associated with AWS:


Amazon Cognito:

AWS Identity and Access Management (IAM)


Services Associated with Azure:


Azure Active Directory Identity Protection:

Azure Multi-Factor Authentication:


Objective Evidence:


Documentation of Identity Verification Procedures:

Records outlining the specific procedures and protocols used to verify the identity of individuals or entities seeking access to ePHI.


Audit Logs:

Logs detailing instances of identity verification processes, including successful and unsuccessful attempts.


User Training Records:

Documentation showcasing that users are trained on identity verification procedures to ensure consistent and secure practices.


Possible Technology Considerations:


Continuous Authentication Solutions

Digital Identity Certificates

Real-Time Identity Proofing Services


What Needs to Be Answered:


  • How effective are the implemented identity verification methods in ensuring that the claimed identity matches the actual identity
  • To what extent do users comply with identity proofing processes during initial registration or access requests?
  • How seamlessly are identity verification procedures integrated with access controls to enforce secure and authorized access to ePHI?
  • What measures are in place to respond to and investigate unsuccessful attempts at identity verification?


More Details:


Our commitment to secure access to ePHI involves the implementation of robust procedures for verifying the identity of individuals or entities. Through multi-faceted authentication methods and identity proofing processes, we ensure a reliable system that protects sensitive health information.