Project

General

Profile

Actions
Copy link

Epic #1

open

Access Control & Identity Management

Added by rashmita rout about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Medium
Assignee:
-
Target version:
-
Start date:
12/24/2025
Due date:
% Done:

0%

Estimated time:
(Total: 0:00 h)
Work Type:
Platform
Technical Area:
Release Narrative:

Description

Epic Title (use exactly):
HIPAA – Access Control & Identity Management

BRD Reference:
Section 7.1 (Access Management)
Section 8.1 (Authentication & Authorization)

Objective:
Ensure only authorized users can access PHI using strong identity, role, and authentication controls.

Covers:
RBAC (Admin / Analyst / Viewer)
Unique user accounts
MFA for privileged users
Least privilege enforcement
Internal service-to-service authentication

Subtasks 10 (10 open0 closed)

Story #11: Implement Role-Based Access Control (RBAC)New12/24/2025

Actions
Story #12: Enforce Unique User Accounts for All PHI AccessNew12/24/2025

Actions
Story #13: Enforce Strong Password Policy for User AuthenticationNew12/24/2025

Actions
Story #14: Enable Multi-Factor Authentication (MFA) for Admin and Privileged UsersNew12/24/2025

Actions
Story #15: Enforce Least Privilege Access ModelNew12/24/2025

Actions
Story #16: Secure Internal Service-to-Service AuthenticationNew12/24/2025

Actions
Story #17: Implement Secure Session Management and TimeoutsNew12/24/2025

Actions
Story #18: Implement Account Lockout and Brute-Force ProtectionNew12/24/2025

Actions
Story #19: Support Periodic User Access ReviewNew12/24/2025

Actions
Story #20: Log Authorization Failures for PHI Access AttemptsNew12/24/2025

Actions
Actions
Copy link

Also available in: Atom PDF