Study: 1 in 2 Hospitals Use 2-Factor Authentification for Patient Info Security
The percentage of hospitals with two-factor authorization capability for ePHI security is up from just 32 percent in 2010.
Photos and VideosView Slideshow
A new report shows that about half of the hospitals in the country used two-factor authentication to protect electronic Protected Health Information in 2014.
The study examined trends from 2010 to 2014 in hospitals’ ability to use two-factor authentication to prevent unauthorized access to such information, also known as ePHI. The research was done by the Office of the National Coordinator for Health Information Technology.
Two-factor authentication is one way to comply with HIPAA’s requirement that hospitals ensure the people accessing ePHI have authorization. Two-factor authentication includes requiring users to answer security questions or enter a randomly generated number sent to their personal mobile device before gaining access to ePHI.
The percentage of hospitals with two-factor authorization capability is up from just 32 percent in 2010.
The study also shows that the size and type of hospitals impacts whether or not they have the capability to use two-factor authentication. Sixty three percent of large hospitals had two-factor authentication capability but only 40 percent of small rural hospitals were two-factor capable. Hospitals labeled as “critical access” by CMS were even less likely to use two-factor authentication, with only 35 percent of them saying they had that capability.
It’s important to note that two-factor identification is just one way to maintain ePHI security. Hospitals can uphold PHI security and comply with HIPAA without two-factor authentication and, in fact, most do.