Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more. Results include content from our developer community, product documentation and education websites in addition to

Two-Factor Authentication: A No Brainer to Protect Patient Data


When stolen data can impact patient care and, in the wrong hands, potentially lead to threatening situations, ensuring the security of patient data is critical. Knowing just how high the stakes are, it is especially alarming that healthcare data breaches are on the rise. Healthcare organizations must take action to ensure the safety and privacy of their patients. Two-factor authentication, which stops 99% of automated cyber-attacks, is an effective security mitigation.

For Healthix, the largest public health information exchange (HIE) in the U.S., two-factor authentication has been an integral component of  the company’s security ecosystem. In recent months, the HIE updated to two-factor authentication built on InterSystems IRIS® to ensure a more seamless and simpler process to meet customers’ mobile needs.

With two-factor authentication, Healthix can mitigate and reduce risk by sending an authorization request to a user’s mobile device or email, depending on the organization’s policy, to ensure that whomever logs into  the patient portal is in fact authorized to do so and is authenticated to view that data.

According to Nick VanDuyne, Senior Vice President and Chief Information Officer at Healthix, “With the help of InterSystems, Healthix is able to create a greater degree of security assurance for customers and as a result, improve patient privacy while maintaining access to clinical data to improve outcomes.”

While Healthix sees the immense benefits of two-factor authentication, not all healthcare organizations have embraced the technology. The Health Insurance Portability and Accountability Act (HIPAA) requires password security, which can be satisfied through two-factor authentication, but it is still not mandated.

The state of New York is going beyond what is required federally, to ensure patient privacy. It recently announced the requirement of two-factor authentication for all healthcare providers. Additionally, the state’s public HIEs, such as Healthix, are required to meet stringent HITRUST standards. As the threat landscape continues to grow, new regulations, such as the one recently implemented by New York, will hopefully encourage more states to follow suit.

As the pandemic continues to unfold and healthcare organizations are forced to digitally transform and embrace new technologies, they can look to Healthix as an example of how to ensure greater security by implementing two-factor authentication.

This story originally appeared the October 16, 2020 – HealthShare Connections News Flash No.4: COVID-19 Pandemic newsletter

Other Success Stories You Might Like

The Rhodes Group HCV algorithm and communications using InterSystems HealthShare helps New Mexico managed care organizations avoid millions of dollars in penalties for missing HCV treatment targets
A private hospital group in the Middle East is bringing the hospital to patients at home. The care team uses in-home devices to monitor patients and a phone app to deliver device and patient-generated data to its EMR. The physicians and nurses making virtual house calls have all the information they need, using familiar software, for optimal, personalized care.
New York City's health agency enlisted Healthix, a longtime InterSystems HealthShare® partner, to collaborate on several other projects designed to keep school children healthy.
Healthcare organizations are moving quickly to satisfy new interoperability rules from CMS and ONC. For some, the regulatory requirements serve as a springboard to exceed expectations, creating data-driven experiences for members.
Matching inpatient and outpatient records with HealthShare Patient Index enabled a single view of patient data, joint ventures with other healthcare organizations, and better information flow.
The Chief Medical Officer at a major west-coast health plan in the U.S. asked for complete visibility into who’s in the hospital at any given moment. Given the work the health plan was already doing with InterSystems and health information exchange, the director of corporate data and analytics answered confidently, “Yes, we can do that.” “Can you do it in six months?” the CMO asked. The reply? Also affirmative.

Take The Next Step

We’d love to talk. Fill in some details and we’ll be in touch.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required
** By selecting yes, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products and events. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.