If you’re not using two-factor authentication to safeguard your agency’s PHI, you may pay the price under HIPAA.
What is it? “Two-factor authentication” (also known as “dual authentication,” “two-step authentication” or “multi-factor authentication”) means the use of more than just a password and user name, explained attorney Mary Beth Gettins of Gettins’ Law in a blog posting.
Definition: Two-factor authentication is a technology that provides identification of users by means of the combination of two different components, which may be something that the user knows, something that the user possesses, or something that is inseparable from the user.
Examples: When you make a withdrawal at the ATM, you typically need to provide an ATM card (something you have) and a PIN number (something you know), Gettins said. Or, when you need to reset or set your password, you may receive a code via text message (something you know) to your phone (something you have) after entering your user name. These are both examples of twofactor authentication.
You should use two-factor authentication for high- or higher-risk access to information, Gettins advised. For instance, you should use twofactor authentication for: Remote access to information; Access to highly private information or financial information; Resetting passwords; and Changing the computer configuration.