Skip to main content
Security Safeguards

Person or Entity Authentication

Verifying that a user or system seeking ePHI is who it claims to be.

Person or Entity Authentication is a HIPAA Security Rule technical safeguard requiring procedures to verify that a person or system seeking access to ePHI is in fact who or what it claims to be.

Authentication is commonly implemented with passwords, tokens, certificates, or biometrics, and is significantly strengthened by multi-factor authentication (MFA). It works together with access control to ensure only verified identities reach patient data.