MUSC Policy: Information Security - Person or Entity Authentication

 TITLE: Information Security  ID:
 ORIGINATOR: Information Security Office  DATE: Jan 5, 2005
 REVIEWED: President's Council  DATE: Feb 16, 2005
 APPROVED: Raymond S. Greenberg, MD, PhD  DATE: Feb 16, 2005
 IMPLEMENTATION: Enterprise-wide  DATE: Feb 16, 2005


Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

HIPAA Security: 164.312(d) Standard: Person or entity authentication
HIPAA Security: 164.312(a)(1) Standard: Access control


If an MUSC System is used to house protected information, then the designated Owner of the System is responsible for ensuring that the System's procedures for authenticating a person or entity seeking access to protected information are sufficient to meet all legal, ethical and business requirements.


3.1. Definitions

Refer to MUSC Policy: Information Security: Appendix A.

3.2. Authentication Standards

Whenever possible, MUSC Systems should authenticate their users through a centralized, standards-based authentication service. Proprietary, System-specific authentication procedures that require users to remember a separate password or access code, or to be issued separate access tokens, are strongly discouraged. Refer to MUSC Information Security Standards: Identity and Access Management for additional information.

3.3. Sanctions

Refer to MUSC Policy: Information Security: Sanctions.

3.4. See Also

MUSC Policy: Information Security
MUSC Policy: Information Security - Access Control
MUSC Policy: Information Security - Encryption
MUSC Information Security Standards: Identity and Access Management


This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.