ONC: Less than half of hospitals support two-factor authentication

A new data brief from the Office of the National Coordinator (ONC) reveals that less than half of U.S. hospitals support an infrastructure capable of two-factor authentication.

Just over one-third (35 percent) of critical access hospitals and 40 percent of small rural hospitals report the lowest levels of capability.

Two-factor authentication means users are required to provide another form of identification beyond username and password to access protected information. That can include a PIN and fingerprint or voice recognition. It's meant to be a low-cost, effective way to meet HIPAA standards, but not enough hospitals have implemented it into their cybersecurity plans, ONC said.

"As electronic health information becomes more widely available, proper security measures must be implemented to ensure the information is only accessible to those with the rights to access it," according to the report.

Hospital support for two-factor authentication has increased by 53 percent since 2010, the report said, but adoption levels are still very low, especially considering the increase in cybersecurity threats and data breaches in healthcare. Only half of small urban hospitals have two-factor authentication capability, while 59 percent of medium and 63 percent of large institutions were capable. Reporting of two-factor authentication is much higher in these larger provider systems.

"HIPAA offers two-factor authentication as a possible method to provide security to electronically protected health information," according to the report, requiring "covered entities to verify that a person seeking access to electronic protected health information has authorization."

When broken down by state, Ohio ranked at the top with 93 percent adoption, followed Vermont at 83 percent and Delaware at 81 percent. At the other end is Montana with 19 percent, North Dakota with 23 percent, and Maine with 26 percent.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”