HIPAA Security Rule and Multi-Factor Authentication

The Security Rule under the US Health Insurance Portability and Accountability Act (HIPAA) requires dental providers, as HIPAA-covered entities, to adopt adequate means for safeguarding the confidentiality, integrity, and availability of electronic protected health information (ePHI). One of these safeguards is multi-factor authentication, which is implemented to verify that a person or entity seeking access to ePHI is the one claimed. Robust authentication most often serves as the first line of defense against malicious intrusions and attacks.

 Poor authentication practices have been identified as contributing to many recent high profile cyber-attacks and data breaches. According to the US Department of Health and Human Services (HHS), a recent study found that 86% of cyberattacks to access an organization’s internet systems (e.g., web servers, email servers) used stolen or compromised credentials.

Effective authentication ensures that only authorized individuals or entities are permitted access to an organization’s information systems, resources, and data. A HIPAA-covered entity’s security risk analysis should guide its implementation of authentication solutions to ensure that ePHI is appropriately protected. As a best practice, regulated entities should implement multi-factor authentication solutions, including phishing-resistant multi-factor authentication, where appropriate, to improve the security of ePHI and to best protect information systems from cyberattacks. For information and resources about implementing computer safeguards and cybersecurity, refer to our blog from April 2023.

For our OSHA Review subscribers… a HIPAA checklist to help dentists conduct a security risk analysis can be downloaded from OSHA Review’s website. For more information about HIPAA requirements, please refer to the July/August 2022 Training Document in Section X of your OSHA Review binder.

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.