Institute: ONC | Component: 2 | Unit: 9 | Lecture: b | Slide: 15
Institute: Office of National Coordinator (ONC) Workforce Training Curriculum
Component: The Culture of Health Care
Unit: Privacy, Confidentiality, and Security
Lecture: Tools for protecting privacy and confidentiality
Slide content: Authentication and Passwords
- Authentication: Process of gaining access to secure computer
- Usual approach is passwords (what you know), but secure systems may add physical entities (what you have)
  - Biometric devices: Physical characteristic (e.g., thumbprint)
  - Physical devices: Smart card or some other physical key
- Ideal password is one you can remember but no one else can guess
- Typical Internet user interacts with many sites for which he/she must use password
  - Single sign-on is commonly used
- Two-factor authentication
Slide notes: The next slides elaborate on authentication and passwords. Authentication is the process of gaining access to a secure computer, for example, logging onto a computer. The usual approach for authentication is the password, which is a piece of information that the computer user knows. With more secure systems, organizations may require information about a physical characteristic, or what you have, such as a biometric device that registers thumbprints or the use of a smart card or some other physical key that enables the user to access the machine. Most of these systems have pros and cons that must be worked through by the organization for effective use.

In terms of passwords, the ideal password is one that can be remembered but that no one else can guess. This is easier said than done, especially today, when the typical Internet user may interact with many different sites, each of which requires the use of a password. In many health care organizations, especially large organizations, single sign-on is used, where the user only has to authenticate once and then has access to the other systems that they need. Of course, the downside to single sign-on is that if an unauthorized user gains access through an authorized user's sign-on, the unauthorized user gains access to every point that is open to the authorized user.

Two-factor authentication, which is commonly used in health care, is a security process that requires the user to provide two means of identification from separate categories of credentials; one is typically a physical token, such as a card, and the other is typically something memorized, such as a security code or PIN (personal identification number). Three-factor authentication is the strongest authentication method but has proven difficult to implement in the provider environment.