Two-Factor Authentication: A No Brainer to Protect Patient Data
When stolen data can impact patient care and, in the wrong hands, potentially lead to threatening situations, ensuring the security of patient data is critical. Knowing just how high the stakes are, it is especially alarming that healthcare data breaches are on the rise. Healthcare organizations must take action to ensure the safety and privacy of their patients. Two-factor authentication, which stops 99% of automated cyber-attacks, is an effective security mitigation.
For Healthix, the largest public health information exchange (HIE) in the U.S., two-factor authentication has been an integral component of the company’s security ecosystem. In recent months, the HIE updated to two-factor authentication built on InterSystems IRIS® to ensure a more seamless and simpler process to meet customers’ mobile needs.
With two-factor authentication, Healthix can mitigate and reduce risk by sending an authorization request to a user’s mobile device or email, depending on the organization’s policy, to ensure that whomever logs into the patient portal is in fact authorized to do so and is authenticated to view that data.
According to Nick VanDuyne, Senior Vice President and Chief Information Officer at Healthix, “With the help of InterSystems, Healthix is able to create a greater degree of security assurance for customers and as a result, improve patient privacy while maintaining access to clinical data to improve outcomes.”
While Healthix sees the immense benefits of two-factor authentication, not all healthcare organizations have embraced the technology. The Health Insurance Portability and Accountability Act (HIPAA) requires password security, which can be satisfied through two-factor authentication, but it is still not mandated.
The state of New York is going beyond what is required federally, to ensure patient privacy. It recently announced the requirement of two-factor authentication for all healthcare providers. Additionally, the state’s public HIEs, such as Healthix, are required to meet stringent HITRUST standards. As the threat landscape continues to grow, new regulations, such as the one recently implemented by New York, will hopefully encourage more states to follow suit.
As the pandemic continues to unfold and healthcare organizations are forced to digitally transform and embrace new technologies, they can look to Healthix as an example of how to ensure greater security by implementing two-factor authentication.
This story originally appeared the October 16, 2020 – HealthShare Connections News Flash No.4: COVID-19 Pandemic newsletter