Will Stage 3 Meaningful Use require multi-factor authentication?
It looks that way--just this month the ONC voted to accept the Privacy and Security Tiger Team’s recommendations, one of which requires multi-factor authentication for remote access to protected health information. Remote access includes the following scenarios:
- Access from outside an organization’s private network
- Access from an IP address not recognized as part of the organization or that is outside of its compliance environment
- Access across a network any part of which is or could be unsecure (e.g., unsecure wireless connection)
Meaningful Use Stage 3 is slated for 2015—that seems a long way off. With the convergence of EMR adoption and mobile technologies remote access is already in high demand by most physicians. I hope organizations are evaluating the options for multi-factor authentication sooner rather than later. If physicians get set up with remote access and then after the fact, maybe years later, multi-factor authentication is implemented—end user satisfaction could be impacted.