A Short Look At Two Factor use in Healthcare.

Security is of utmost importance in safeguarding access to patient data, and two factor authentication can aid in shoring up current security measures. The implementation of this additional layer of security would satisfy HIPAA Security Rule – 45 CFR 164 and could reduce the incidence of data breaches involving online identity theft (Multi-factor authentication, 2017).

Two factor is an online security measure which depends on two forms of data, what you have and who you are, to support its structure. The traditional method of account identity authentication uses a username and password, which can be breached. Two factor authentication, though not 100% breach proof, adds another layer of security to online user access authentication by additionally using something unique to the user, i.e. biometric data, a PIN or a token card (Bradley, 2017).

The U.S. Federal Government recently announced a new federal cyber security plan that would mandate two factor security measures for government websites (Thakkar, n.d.).
Individual U.S. states are not all following suit, though; a notable exception is the state of New York, where two factor authentication is mandatory for e-prescribing (New York State Department of Health, 2016).

The information used to answer the questions addressed here was taken from the American Hospital Association (AHA) Information Technology (IT) Supplement to the AHA Annual Survey (Gabriel, Charles, Henry & Watkins, 2015). The data used targeted the specifics of two factor adoption in the surveyed hospitals and their capability in this regard. Not all of the hospitals surveyed responded to the survey, but the returned data sample of 56% is large enough to render the data gathered statistically credible. Only 92 hospitals of the total surveyed, 3330, did not respond to the two factor question.

Across all hospitals returning the survey, the data shows that 54.5% have two factor capability; the data collected did not indicate actual usage of two factor authentication. The collected data did, however, show disparity in capability for this technology: 71% of large hospitals had the capability; medium hospitals had 61.4% capability; small hospitals a 51% rating; and very small hospitals a 42.2% rating for two factor capability. Hospitals with one vendor had the highest two factor capability (58.6%), followed by hospitals with home grown systems (56.0%); the data suggests that hospitals with mixed systems (multiple vendors) had the smallest two factor capability (50%).

Data trends in hospitals show an increase in the number of hospitals that have two factor capability – a 17% increase between 2010 and 2014 (Gabriel, et al., 2015). This may be due to the fact that the DEA made two factor authentication a requirement for facilities prescribing controlled substances. Hence two factor authentication implementation will allow this hospital to comply with HIPAA Security Rule – 45 CFR 164 and enable it to serve all patients. The technology can be integrated into the hospital’s current security protocols without necessarily adding new hardware; the cell phones most patients carry around can be used to enforce two factor authentication by sending randomly generated codes when a user attempts to access a healthcare portal. The implementation of two factor can add an extra layer of security to the hospital’s systems. In addition to the use of cell phones, other methods include, but are not limited to, tokens or keys and biometric markers such as fingerprint or voice recognition. It is unlikely that someone seeking to impersonate a valid user would have access to both sides of the authentication data.


