This document discusses using Active Directory for identity and access management in a HIPAA compliant way. It provides an overview of HIPAA access control requirements and introduces Active Directory as an option for meeting these requirements. Implementing Active Directory would help with auditing requirements and enforce separation of duties for access to electronic protected health information as required by HIPAA.