Two factor authentication is an important aspect of protecting ePHI (electronic protected health information). This authentication process, recommended for HIPAA compliance, requires the user to supply one form of identification in addition to the username and password. ARW requires two-factor authentication internally and encourages clients to utilize it. Maintaining compliance and staying ahead of these trends are tasks that are taken very seriously by ARW.
Why is two-factor authentication important to ARW? ARW’s Director of Operations, Daemon Le, states that, “It’s kind of understood within the tech industry how vulnerable just using password authentication is. The Federal Financial Institutions Examination Council (FFIEC) recognized this when they updated their guidance for the financial industry on using two-factor authentication in 2005. A good example of people using two-factor every day, without even realizing it, is at the ATM – you need a card (something you own) and a PIN (something you know). It is important to realize that folks understand the significance of financial data, but not necessarily their health data. Most people don’t realize that health data isn’t just ‘health’ data, but also provides everything that you normally need to create bank accounts and apply for credit cards. And that’s the real rub. The information to fill out those kinds of applications really is the type of information thieves want in order to get to your money, and anything else identity theft can achieve. Losing a credit card just means a possible lost of money in a moment in time and the inconvenience of canceling and waiting for a new card. Having your identity stolen is a lifetime deal. Your information is now out ‘there’ and you can’t take it back. This is why ARW want to ensure clients have the option for better protection of their PHI and also why ARW encourages clients to use it.” State and National Trends of Two-Factor Authentication for Non-Federal Acute Care Hospitals ONC Health IT, November 2015