Cybersecurity and Single Sign-On (SSO)

Modified on Tue, 8 Jul at 5:20 PM

DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.

What is Single Sign-On, and is it Required by HIPAA?

According to the Cybersecurity and Infrastructure Agency (CISA), single sign-on (SSO) is "SSO is a user authentication and access control system that allows users to access multiple applications, tools, and systems with just one set of credentials. By centralizing the authentication process, SSO streamlines identity management and simplifies the user experience by only needing to remember one username and password for all accounts. SSO can help bolster security measures as it decreases the frequency of users having to input their login credentials. Furthermore, SSO can reduce password duplication across various platforms, consequently reducing the potential for password leakage."  https://www.cisa.gov/sites/default/files/2024-06/Barriers-to-SSO-Adoption-for-SMB-508c.pdf (page 3).

HIPAA does not specifically require the implementation of SSO. Single sign-on is an access management measure. The Health Industry Cybersecurity Practices (HICP) publication, "Technical Volume 1: Cybersecurity Practices for Small Healthcare Organizations," identifies single sign-on as a "best practice" cybersecurity measure for small healthcare organizations, noting that small healthcare organizations can "implement single sign-on systems that automatically manage access to all software and tools once users have signed onto the network. These systems allow your organization to centrally maintain and monitor access." (p. 17).

Single sign-on is identified by the National Institute of Standards and Technology as an Identification and Authentication Measure. (p. 134).




Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article