Will single sign-on (SSO) technology help us meet certain security rule requirements?
HIPAA Weekly Advisor, May 8, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
An SSO solution-either a third-party product or an internal directory service (e.g., Active Directory, eDirectory, or Lightweight Directory Access Protocol)-can certainly help you comply with the access control standard of HIPAA's security rule. However, be sure to have specific goals in mind. Ask yourself: Are you establishing SSO for user convenience or for an overall identity management solution?
The answer will help you find the right solution. For example, if you want to focus on overall identity management, SSO will likely be a side benefit of a broad-based product that helps you meet HIPAA obligations. On the other hand, an SSO geared toward user convenience will be more specific to users' needs. Whatever your aim, SSO solutions are not cheap or simple to establish. However, they can pay for themselves in a relatively short period and add considerable security to your infrastructure, beefing up your HIPAA compliance.
Editor's note: Kevin Beaver, CISSP, security consultant with Acworth, GA-based Principle Logic, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Identify modifiable risk factors to prevent patient falls
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched