Why dual-factor authentication is the new gold-standard for healthcare
Dual-factor authentication is fast becoming an IT security best practice in the healthcare industry. An increasing number of cybersecurity threats and high-profile data breaches, such as the 2015 Anthem attack, have drawn public scrutiny to healthcare cybersecurity practices. In response, healthcare IT leaders are turning to dual-factor authentication (also known as two-factor authentication or multifactor authentication) as their strong authentication method of choice.
How dual-factor authentication works
Dual-factor authentication requires users to provide two forms of identification to access patient data. These forms, or factors, must come from two different categories among the following:
- Something you know – such as a username and password combination
- Something you have – such as a mobile device, a soft token, or a hard token
- Something you are – such as a fingerprint scan
By requiring two independent layers of authentication, dual-factor authentication helps protect sensitive patient identifiers and patient data: stealing a single credential is no longer enough, which makes an attacker's job considerably harder. But to reap the full benefit of dual-factor authentication, healthcare applications need to be designed to increase convenience for users, not just security for IT.
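As an added example (not code from the original page or from Imprivata), the following Python shows the two-category rule in practice: a login that verifies a password (something you know) and a one-time password from an enrolled token (something you have), and succeeds only when every proof verifies and the proofs span two different factor categories. The user record, the OTP secret, the RFC 6238 code generation and the one-step clock-drift window are constructed assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import struct
from enum import Enum

class Factor(Enum):
    KNOW = "something you know"   # password
    HAVE = "something you have"   # token or phone generating a one-time password
    ARE = "something you are"     # biometric (not simulated in this demo)

def make_user(password: str, otp_secret: bytes) -> dict:
    """Constructed demo enrolment: salted PBKDF2 password hash plus a shared OTP secret."""
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "pw_hash": pw_hash, "otp_secret": otp_secret}

def verify_password(user: dict, password: str) -> bool:
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    return hmac.compare_digest(derived, user["pw_hash"])   # constant-time comparison

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1) for the step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_otp(secret: bytes, submitted: str, unix_time: int, skew: int = 1) -> bool:
    """Accept the current step or one step either side, tolerating small clock drift."""
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == 6):
        return False
    candidates = [totp(secret, unix_time + d * 30) for d in range(-skew, skew + 1)]
    return any(hmac.compare_digest(c, submitted) for c in candidates)

def authenticate(user: dict, proofs: list, unix_time: int) -> bool:
    """proofs: list of (Factor, value). Every proof must verify, and the verified proofs
    must cover at least two distinct categories: two correct passwords are still one factor."""
    verified = set()
    for factor, value in proofs:
        if factor is Factor.KNOW and verify_password(user, value):
            verified.add(factor)
        elif factor is Factor.HAVE and verify_otp(user["otp_secret"], value, unix_time):
            verified.add(factor)
        else:
            return False        # a failed or unsupported proof rejects the whole attempt
    return len(verified) >= 2
```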
Why healthcare requires a unique approach to IT security
User-friendly dual-factor authentication is a unique challenge for the healthcare industry because, to provide effective patient care, healthcare providers need to access relevant patient data quickly and conveniently. If clinicians cannot remember their complex passwords, or cannot copy their token codes correctly, they lose valuable time they could spend treating patients. Other highly sensitive industries, such as banking, do not require the same convenience from their authentication methods, because their users do not need to authenticate as often, or as quickly, as healthcare users do.
How strong authentication technologies can meet healthcare’s special security needs
In order to maximize the security and minimize the inconvenience of dual-factor authentication, healthcare IT vendors need to design authentication methods to actively complement clinical workflows. The most important clinical workflows that require dual-factor authentication include:
- Electronic prescribing of controlled substances (EPCS): due to the powerful nature of controlled substances, the DEA requires multi-factor authentication for EPCS.
- Medical device access: many medical devices collect sensitive patient information that healthcare IT leaders are choosing to protect with strong authentication methods.
- Remote access to networks and cloud applications: providers often need to access patient data from their home computers or personal devices, requiring special out-of-network authentication measures.
The Imprivata dual-factor authentication solution
Imprivata Confirm ID is the comprehensive identity and multifactor authentication platform for fast, secure authentication workflows across the healthcare enterprise. Imprivata Confirm ID is a single, centralized solution that enables remote and on-premises users to work with patient health information securely and conveniently. It supports the following authentication methods:
- Hands Free Authentication, a wireless solution that retrieves and verifies a one-time password from an application on a mobile device, even if the device is locked and/or in a user’s pocket
- Push token notification, a fast, convenient mechanism for enabling user authentication from a mobile device with the simple press of a button
- Fingerprint biometrics, including options that meet FIPS 201 Personal Identity Verification requirements, which the DEA requires for multi-factor authentication for EPCS
- SMS, which gives users who do not have push token functionality a convenient alternative for authentication for remote access and other workflows
- Conventional hardware and software tokens
- Usernames and passwords
- Proximity cards