Two-Factor Authentication

Why two-factor authentication is the new gold-standard for healthcare:

Two-factor authentication is fast becoming an IT security best practice in the healthcare industry. An increasing number of cybersecurity threats and high-profile data breaches, such as the 2015 Anthem attack, have drawn public scrutiny to healthcare cybersecurity practices. In response, healthcare IT leaders are turning to two-factor authentication (also known as dual-factor authentication) as their strong authentication method of choice.

How two-factor authentication works:

Two-factor authentication requires users to provide two forms of identification to access patient data. These forms, or factors, should include a combination of two of the following:

  • Something you know – such as a username and password combination
  • Something you have – such as a mobile device, a soft token, or a hard token
  • Something you are – such as a fingerprint or palm vein scan

By adding two layers of authentication security, two-factor authentication helps protect sensitive patient identifiers and patient data by doubling the hacking difficulty for cyber attackers. But, in order to reap the full extent of two-factor authentication’s benefits, healthcare applications need to be designed to increase convenience for users, not just increase security for IT.

Why healthcare requires a unique approach to IT security:

User-friendly two-factor authentication is a unique challenge for the healthcare industry because, in order to provide effective patient care, healthcare providers need to be able to access relevant patient data quickly and conveniently. If clinicians cannot remember their complex passwords, or cannot copy their token codes correctly, they lose valuable time which they could spend treating their patients. Other highly-sensitive industries, such as banking, do not require the same user convenience for their authentication methods, because their users do not need to authenticate as often, or as quickly, as healthcare users need to.

How strong authentication technologies can meet healthcare’s special security needs:

In order to maximize the security and minimize the inconvenience of dual-factor authentication, healthcare IT vendors need to design authentication methods to actively complement clinical workflows. The most important clinical workflows that require dual-factor authentication include:

Electronic prescribing of controlled substances (EPCS): due to the powerful nature of controlled substances, the DEA requires two-factor authentication for EPCS.

Medical device access: many medical devices collect sensitive patient information that healthcare IT leaders are choosing to protect with strong authentication methods.

Remote access to clinical applications: providers often need to access patient data from their home computers or personal devices, requiring special out-of-network authentication measures.

The Imprivata two-factor authentication solution:

Imprivata Confirm ID™ is a comprehensive identity and authentication platform that gives healthcare organizations a single, centralized solution for user authentication across enterprise workflows. Designed specifically to complement core clinical workflows, Imprivata Confirm ID offers the broadest range of authentication methods to increase clinical convenience, including:

To improve your organization’s cybersecurity and increase your clinicians’ productivity with convenient two-factor authentication, request a demo of Imprivata Confirm ID.

  • Hands Free Authentication, a wireless solution that retrieves and verifies a one-time password from an application on a mobile device, even if the device is locked and/or in a user’s pocket.
  • Push token notification, a fast, convenient mechanism for enabling user authentication from a mobile device with the simple press of a button
  • Fingerprint biometrics, including options that meet FIPS-201 Personal Identity Verification requirements, which is a DEA requirement for two-factor authentication for EPCS
  • SMS, which gives users who do not have push token functionality a convenient alternative for authentication for remote access and other workflows
  • Conventional hardware and software tokens
  • Usernames and passwords
  • Proximity cards