• E-mail
• Print
• RSS

Q: Will single sign-on (SSO) technology help us meet certain security rule requirements?

Compliance Monitor, May 12, 2006

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

Q: Will single sign-on (SSO) technology help us meet certain security rule requirements?

A: An SSO solution-either a third-party product or an internal directory service (e.g., Active Directory, eDirectory, or Lightweight Directory Access Protocol)-can certainly help you comply with the access control standard of HIPAA's security rule. However, be sure to have specific goals in mind. Ask yourself: Are you establishing SSO for user convenience or for an overall identity management solution?

The answer will help you find the right solution. For example, if you want to focus on overall identity management, SSO will likely be a side benefit of a broad-based product that helps you meet HIPAA obligations. On the other hand, an SSO geared toward user convenience will be more specific to users' needs. Whatever your aim, SSO solutions are not cheap or simple to establish. However, they can pay for themselves in a relatively short period and add considerable security to your infrastructure, beefing up your HIPAA compliance.

Editor's note: Kevin Beaver, CISSP, security consultant with Acworth, GA-based Principle Logic, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

• E-mail to a Colleague
• Print
• RSS
• Archive