Three considerations when implementing two-factor authentication

Dan Borgasano
Jun 05, 2017

Healthcare organizations are under constant attack from cyber threats. In the past two years, 90 percent of organizations experienced data breaches, with more than 100 million patient records impacted. Many of these attacks—up to 63 percent—were the result of weak or stolen credentials.

To address this threat and mitigate the risk posed by stolen credentials, organizations can implement two-factor authentication to safeguard access to patient records, clinical applications, and other sensitive data. Two-factor authentication typically involves two of the following three methods of authentication:

1. Something you know (e.g., a password or PIN)

2. Something you have (e.g., a proximity badge or OTP token)

3. Something you are (e.g., biometrics)

However, before implementing a two-factor authentication solution, there are factors healthcare organizations should consider. Unlike other industries, healthcare cannot simply lock down information by building multi-layer security. In patient care, minutes…and even seconds…matter, and clinicians need fast, unimpeded access to patient information. Adding two-factor authentication has the potential to create barriers to care, so it is critical that healthcare considers the following when evaluating two-factor authentication options:

1. Workflow integration: Two-factor authentication should allow for optimal workflow efficiency among users. This means finding flexible and easy-to-use authentication options to meet specific workflow requirements and preferences. Choosing easy-to-use authentication options allows security to be transparent so providers can focus on patient care, not on technology.

2. Extensibility to other workflows: The need for two-factor authentication stretches across a number of different business and clinical workflows and applications. Healthcare organizations should look for a solution extensible enough to meet all workflow needs, whether users are accessing their desktops virtually, connecting through a remote network, using medical devices, or electronically prescribing controlled substances.

3. Compliance with healthcare regulations: Organizations want to ensure compliance with the highest standards regulating care. Processes such as electronic prescribing of controlled substances (EPCS) require two-factor authentication. However, DEA requirements are more stringent, so when selecting a two-factor authentication solution, organizations should ensure it can meet all their needs for EPCS and other regulated workflows.

Imprivata Confirm ID is purpose-built for healthcare to help satisfy these and other unique considerations when selecting a two-factor authentication solution. Imprivata Confirm ID is a single, centralized multi-factor authentication platform for all healthcare enterprise workflows that ensures workflow efficiency, supports the broadest range of fast, innovative, and convenient authentication modalities, and meets all the DEA requirements for EPCS. In addition, as a centralized authentication solution, it’s easier to deploy, creates and enforces individual and group policies, and simplifies auditing and reporting.

For more information on Imprivata Confirm ID, listen to the recording of our recent webinar about two-factor authentication considerations in healthcare: https://www.imprivata.com/resources/webinars/3-considerations-strong-two-factor-authentication-healthcare