HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Multi-Factor Authentication Capability Added to TrueVault Management Console

TrueVault, a provider of a HIPAA-compliant cloud storage platform for personally identifiable information, has announced that multi-factor authentication has now been added to the TrueVault Management Console.

The TrueVault platform was developed specifically to store personally identifiable information (PII) and protected health information (PHI) to ease the compliance burden on healthcare organizations that are developing cloud-based applications. Rather than having to build HIPAA Security Rule safeguards into their own applications to ensure PII/PHI is protected, TrueVault assumes that responsibility, allowing customers to concentrate on developing the core features of their applications.

HIPAA-compliant cloud resources incorporate the necessary safeguards to ensure the confidentiality, integrity, and availability of electronic PII/PHI. Those resources require some form of authentication, such as a username and password, to prevent unauthorized access. Through phishing attacks, social engineering techniques, and human error, passwords may be inadvertently disclosed and could potentially be used by unauthorized individuals to gain access to those cloud resources. Multi-factor authentication makes unauthorized access far more difficult.

Since TrueVault administrative accounts allow access to PII/PHI through the management console, it is important to ensure that those accounts are properly secured. With the new multi-factor authentication feature enabled, users’ accounts will require a second means of authentication in addition to a password before access to the Management Console is granted.

This is achieved via a Time-based One-Time Password (TOTP) app on a smartphone, such as Authy or Google Authenticator. When MFA is enabled, users will not be able to log in to their accounts without a TOTP from their phone.

When a login attempt is made, a one-time code is sent to the user’s device which must be entered before access to the Management Console is granted. In the event of a password being compromised, access to the account will not be granted without the TOTP.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.