Two-Factor Authentication for HIPAA


This section describes how the Commvault  software addresses the following HIPAA rules:

  • "Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.” (Mechanism to authenticate ePHI, Section 164.312(c)(2))

You can provide an extra level of security when a user logs on to the CommCell Console. A user must provide a 6-digit Personal Identification Number (PIN) in addition to their password in order to access the CommCell Console.

Users can obtain a PIN by any of the following methods:

  • Email

    The CommCell sends a one-time PIN to users every time they log on to the CommCell. These PINs are valid for 30 minutes.

  • Mobile Apps

    The mobile apps generate PINs that are valid for 30 seconds. After 30 seconds, the apps generate a new PIN.

  • Desktop Application

    The desktop application generates PINs that are valid for 30 seconds. After 30 seconds, the application generates a new PIN.

For a comprehensive description of the Commvault Two-Factor Authentication feature, see Two-Factor Authentication - Overview.