Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) requires users to verify their identity with a second factor — such as a code sent to their phone — in addition to their password. For any account with access to Protected Health Information (PHI), MFA is a critical security control.


Why MFA Matters

  • Prevents Unauthorized Access: Even if a password is compromised, an attacker cannot access the account without the second factor.
  • HIPAA Alignment: HIPAA's Security Rule requires access controls that protect PHI from unauthorized access. MFA is a recognized technical safeguard.
  • Reduces Breach Risk: The majority of healthcare data breaches involve compromised credentials. MFA significantly reduces this risk.

How to Enable MFA

  1. Go to Settings in the navigation pane.
  2. Select Security or Account Settings.
  3. Find the Multi-Factor Authentication section.
  4. Click Enable MFA.
  5. Choose your preferred second factor — authenticator app or SMS.
  6. Follow the setup instructions to link your device.
  7. Click Save.

Tips

  • Use an authenticator app (e.g., Google Authenticator, Authy) rather than SMS for stronger security.
  • Require MFA for all team members with access to clinical records — not just administrators.