OCR Highlights Best Practices for Strengthening Authentication Process

In its November 2016 Cyber Awareness Newsletter, the Office of Civil Rights (OCR) provided best practices for covered entities and business associates to prevent breaches due to weak authentication. Suggestions include conducting a comprehensive, accurate and thorough enterprise-wide analysis; consider implementing a form of authentication that is reasonable and appropriate for size, complexity, capabilities, technical infrastructure, and hardware and software capabilities; and consider different recommended methods of authentication. The best practices are designed to help healthcare entities safeguard and strengthen their authentication methods to decrease risk of cybercrime resulting in breaches due to weak authentication.