ABSTRACT
This chapter focuses on identity and access management within the healthcare environment. Healthcare Information Technology (IT) systems contain enormous amounts of sensitive information. Identification is the cornerstone of an information security program. All system entities must have a unique identifier that differentiates them from other entities. The most common type of user-known authentication is a password. The password is a protected word or string that authenticates the user to a system. Users tend to select common words or something that is simple for them to remember. This makes it easy to either guess the password or launch some form of an attack against the system in an effort to guess the password. A passphrase is a sequence of letters and numbers used as an alternative to a password. Technical solutions include one-time passwords or solutions involving memory or smart cards. An internal clock value is combined with the token’s secret key to generate a time-based password.
