164.312(d) Person or Entity Authentication (Required)

Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

Illustrative Controls and TIBCO LogLogic Solution

Authentication systems identify persons or entities seeking access to electronic protected health information by challenging the person or entity for something they know, something they are or something they possess. By these methods, a person or entity is “authenticated” as the one claimed. TIBCO LogLogic captures system activity and log records that detail system, file or facility access events, as well as authentication system configuration changes, so that covered entities can ensure their authentication procedures safeguard against unauthorized access to electronic protected health information systems, files and facilities.

To satisfy this HIPAA standard requirement, administrators must assess the authentication mechanisms used to validate user credentials (new and existing) for electronic protected health information systems to support the validity of transactions. Server and application activities must be monitored for locked-out and enabled accounts, as they can represent malicious activities. Administrators must monitor and verify all user access to programs and data, and review access to ensure that duties are segregated and that all access privileges are properly assigned and approved.

Reports and Alerts

Use the following link or reference to see the 164.312(d) reports and alerts: 164.312(d) Person or Entity Authentication (Required).