Two-Factor Authentication for HIPAA


On this page

This section describes how the Commvault software addresses the following HIPAA rules:

  • "Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.” (Mechanism to authenticate ePHI, Section 164.312(c)(2))

You can provide an extra level of security, called two-factor authentication (which is a form of multi-factor authentication), when a user logs on to the CommCell Console. A user must provide a 6-digit PIN (personal identification number) along with their password in order to access the CommCell Console.

Users can obtain a PIN by any of the following methods:

  • Email: The CommCell sends a one-time PIN to users every time they log on to the CommCell. These PINs are valid for 30 minutes.

  • Mobile apps: The mobile apps generate PINs that are valid for 30 seconds. After 30 seconds, the apps generate a new PIN.

  • Desktop application: The desktop application generates PINs that are valid for 30 seconds. After 30 seconds, the application generates a new PIN.

Two-Factor Authentication for Your CommCell Environment