ONC: Two-factor authentication capabilities on the rise for hospitals

Two-factor authentication is on the rise at hospitals and health systems, according to the Office of the National Coordinator for Health IT, which points out in a recently published data brief that the number of organizations able to support such security processes grew by 53 percent from 2010 to 2014.

The brief marks the first time the agency has released such data on the trend.

However, while overall two-factor authentication--which requires employees to have more than just a password and username to access systems--is on the rise, the types of hospitals that support it vary greatly, ONC found.

Those who have the lowest level of support for such a system include critical access hospitals at 35 percent and small rural hospitals at 45 percent. About 50 percent of small urban hospitals have support, medium-sized facilities are at 59 percent and large hospitals at 63 percent.

Other findings outlined in the brief, which used data from the American Hospital Association Information Technology Supplement to the AHA Annual Survey, include:

  • In 2014, 50 percent of the hospitals in 20 states had two-factor authentication capabilities
  • Ohio, Vermont and Delaware had the most hospitals that had IT structures allowing for the systems
  • Montana, North Dakota and Maine had the fewest facilities with the capability

The brief was unclear about whether the facilities actually do in fact follow such practices, or simply have the means to support two-factor authentication.

One example of an organization using that system is Idaho-based St. Luke's Health System. The facility has an access-management process for systems administrators, FierceHealthIT previously reported. Personnel must log in with two-factor authentication, check out the credentials needed to do their work, then afterward check those credentials back in.

In addition to having security controls like this in place, education of employees about their access rights and role in keeping data secure also is key to protecting patient privacy.

To learn more:
- read the data brief (.pdf)