We’ve sung two-factor authentication’s praises before, and we’ll continue to sing them in 2016. Two-factor authentication is a vital extra layer of protection in today’s world where digital information is always vulnerable. One of the most common ways to authenticate a person (to prove they are who they say they are) is username and password. However, this alone is too easy for skilled and experienced hackers.
Single-factor authentication also contributes to many major hacks—including one of the largest banking hacks of all time, the JPMorgan Chase breach in 2014. While they did use two-factor authentication on most servers, one server was left out in the cold and open for the attack.
Now, one industry poses more risk than ever: healthcare. With personal health information abundant within documents and data, thieves are targeting medical records and related documents in droves. With an estimated 2 million victims of medical identity theft in 2014 and a 21 percent increase in medical data breaches, it’s no surprise that getting the right eyes on data is a top-tier concern.
But here’s the good news. Two-factor authentication is gaining speed in healthcare.
Just last month, the Office of the National Coordinator for Health Information Technology published a brief stating that the adoption of two-factor authentication among non-federal acute care hospitals has increased by 53 percent since 2010.
We’ve seen this good news in action, too. Seventy-five percent of our healthcare clients are using two-factor authentication with e-signatures as a way to thwart ill-willed hackers and assure security of PHI.
Here’s why providers should make two-factor authentication a priority when building cyber security strategies—especially when working with digital documentation and e-signatures:
Two-factor authentication supports HIPAA law. The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to verify that a person seeking access to PHI has authorization. Two-factor authentication requires users of the technology to provide an additional form of identification besides the common username and password, therefore helping to satisfy this requirement and negating potential threats to authentication.
Half of hospitals have the capability for two-factor authentication. Six in ten medium size (59 %) and large (63 %) hospitals have this capability, and half (51 %) of small urban hospitals also have this capability, according to the brief. Two-factor authentication in non-federal acute care hospitals has increased 11 % each year since 2010, and we expect the trend to continue.
Two-factor authentication is an essential capability for providers who e-prescribe controlled substances. In 2010, the DEA added this requirement to the Electronic Prescription for Controlled Substances. This rule gives practitioners the option to electronically prescribe prescriptions with several options for obtaining authentication credentials, according to the brief.
SMS authentication and KBA are the most popular, secure “two factors” you can use in protecting digital documentation. One of the easiest types of two-factor authentication uses a technology most people have glued to their hands—their mobile phone. With text message (SMS) authentication, an online service sends a text message with a unique, one-time code to your clients after they successfully enter their password.
There are three types of KBA, or knowledge-based authentication: static, dynamic and enhanced.
- Static: Your signer picks security questions and gives answers that are stored and referenced later.
- Dynamic: The online service generates multiple-choice questions that only apply to one person. This type of KBA doesn't require any previous relationship with the customer, so it is an attractive option for users who need to be authenticated instantly.
- Enhanced: It’s similar to dynamic in that it presents multiple-choice questions, but through proprietary data sources, which gives a complete end-to-end authentication solution to verify new and existing users online. (Linked here is an easy-to-follow infographic on KBA.)
Two-factor authentication is not only compliant and secure, but implementing it is easy, the technology is readily available and it’s on the rise in many healthcare organizations. Let’s aim for 100% usage in 2016, shall we?
Ready to learn about SIGNiX’s authentication structure? Here’s our easy, step-by-step outline to help you know your signer.