SPOTLIGHT: Two-factor authentication

Perhaps the biggest unanswered question of the national push toward EMRs is whether systems will adequately protect the privacy of patient information. The latest to doubt the security of EMRs is Michael Magrath, business development director for security firm Gemalto North America, who says that simply requiring a username and password to access patient records is not adequate. Magrath--perhaps looking to sell some product--calls for two-factor authentication in EMR systems, recommending that each user carry a smart card linked to a PIN or passcode. Press release