Mobility, Security, and Simplicity Drive Change In Healthcare User Authentication

Sarah Fender
Nov 15, 2012

While the enormous push toward automating healthcare systems and records shift is logical and mandatory, it is not without headache and risk. As patient records have been digitized, healthcare data breaches have surged. The number of reported breaches was up 32 percent in 2011 (New York Times).  That included three of the top six data breaches that year (HealthcareFinanceNews).

Streamlining the day to day processes for managing thousands of patient care records continues to be a challenge for healthcare providers. Imprivata’s technology provides many tools to expedite these steps. User authentication is one area in particular where mobility, security, and simplicity are strategically bolstered.

Mobility: Mobility is now a capability requirement for accessing critical healthcare data and applications. Remote access is not new – physicians have been logging in to view hospital patient records from their offsite offices for years. But the rules have changed – healthcare providers desire the real-time, easy access they experience as an everyday consumer; not just from their office, but anywhere/anytime access from the golf course, the coffee shop, the beach, and more.  This means more personal or other-company-owned devices for the IT department to try to manage.

Security: The value of data contained within healthcare records has increased and attacks have become more frequent and virulent. Regulatory agencies have responded by enacting regulations like HIPAA and HITECH to enforce stronger protection measures. Multi-factor authentication, which requires the user to log into the application with not only his typical credentials (something you know) and then use a second factor of authentication (something you have), is one such mandate.

Simplicity: Hardware security tokens were one of the first prevalent multi-factor authentication solutions. Physicians in particular find them to be terribly inconvenient.  They often have several tokens on a single keychain, one for each hospital where they have access. They have to keep track of them all, and remember which token matches each facility. Hardware tokens also do not effectively protect against today’s most virulent attacks like phone-based and other out-of-band solutions can.

PhoneFactor provides multi-factor authentication using any phone as the authentication device. It works in conjunction with Imprivata OneSign® and OneSign Anywhere™. Physicians and other healthcare users simply log in using their Imprivata single sign-on account credentials, then respond to the authentication request from PhoneFactor (phone call, sms text message, or smartphone app request). This provides them with secure, simple, regulatory compliant access to their data and applications – no matter where they are.

This is a guest post contributed to the Imprivata blog by Sarah Fender, Vice President Marketing & Product Management, PhoneFactor.