Two-factor authentication on the rise, small hospitals fall short, ONC says
Fewer than half of U.S. hospitals support an infrastructure capable of two-factor authentication, The Office of the National Coordinator for Health IT reported in November, while 35 percent of critical access hospitals and 40 percent of small rural hospitals report the lowest levels of capability.
Two-factor authentication requires users to give at least one other form of identification beyond username and password to get access to electronically protected information, such as a PIN and fingerprint or voice recognition.
The process is a low-cost, effective way to meet HIPAA standards, but not enough hospitals have implemented it into their cybersecurity plans, the ONC said.
[Also: Reinforcing security shields]
"As electronic health information becomes more widely available, proper security measures must be implemented to ensure the information is only accessible to those with the rights to access it," the report said.
The report stresses that hospital support for two-factor authentication has increased by 53 percent since 2010. Meanwhile, cybersecurity experts assert reported levels of adoption are still drastically low, given the steady rise in healthcare data breaches and the increase in hackers targeting the healthcare industry.
Only half of small urban hospitals have two-factor authentication capability, while 59 percent of medium and 63 percent of large institutions were capable. And reporting of two-factor authentication is much higher in these larger provider systems.
"HIPAA offers two-factor authentication as a possible method to provide security to electronically protected health information," the report states. It "requires covered entities to verify that a person seeking access to electronic protected health information has authorization."
Some states are above the bar on establishing two-factor authentication. Ohio raked at the top with 93 percent adoption, while Vermont, with 83 percent, and Delaware, with 81 percent, followed closely behind.
On the other hand, Montana, with 19 percent, North Dakota, with 23 percent, and Maine, with 26 percent, saw the lowest percentages in terms of implementing a two-factor authentication system.