Per the HIPAA security document at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityrulepdf.pdf, the sections below are relevant to Secret Server usage.
(4)(i) Standard: Information access management.
(B) Access authorization (Addressable). Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism.
(C) Access establishment and modification (Addressable). Implement policies and procedures that, based upon the entity’s access authorization policies, establish, document, review, and modify a user’s right of access to a workstation, transaction, program, or process.
(5)(ii) Implementation specifications.
(D) Password management (Addressable). Procedures for creating, changing, and safeguarding passwords.
Secret Server can address these guidelines:
• Secret Server is a secure place to store and modify credentials which are used to access protected health information.
• Secret Server allows user, group, and role-based access control for these credentials.
• Secret Server tracks every time these credentials are viewed or changed.
• In many cases Secret Server allows a credential change inside Secret Server to ripple out to the machine where it is used.
Article ID: 176, Created On: 8/3/2011, Modified: 8/16/2011