The first (45 CFR 164.308(a)(5)(d)) requires Covered Entities and Business Associates to implement procedures for creating, changing, and safeguarding passwords while the second (45 CFR 164.312 (a), (b), and (d)) relates to access controls, audit controls, and verification controls.īecause HIPAA is technology-neutral, these provisions do not require the implementation of a password manager. There are two areas of the Security Rule that are particularly relevant to password managers. We especially look to see whether the LastPass password manager is a suitable tool to support compliance with the password management requirements of the Administrative and Technical Safeguards.
Our LastPass review looks at this vault-based password manager from the perspective of an organization subject to the HIPAA Security Rule.
0 kommentar(er)
