Security Safeguards
Person or Entity Authentication
Verifying that a user or system seeking ePHI is who it claims to be.
Person or Entity Authentication is a HIPAA Security Rule technical safeguard requiring procedures to verify that a person or system seeking access to ePHI is in fact who or what it claims to be.
Authentication is commonly implemented with passwords, tokens, certificates, or biometrics, and is significantly strengthened by multi-factor authentication (MFA). It works together with access control to ensure only verified identities reach patient data.