“Doctors were excited about this project because it makes their workflow easier and makes things easier for patients,” Meredith Sefa, NorthShore’s assistant vice president for application services, tells HealthTech.
Moreover, MFA can even be a window to the world of password-free authentication. Already, Microsoft has been able to achieve a pseudo-passwordless state for its users by deploying many of its own MFA solutions internally.
Key Considerations for an MFA Solution
While MFA certainly improves security and workflow, authentication itself, while necessary, can sometimes prove burdensome for clinicians and staff.
“Within EpicCare alone, there are more than 40 clinical workflows that may require users to authenticate,” explains Wright. “These include witnessing medication wasting, blood administration, anesthesia attestation and others.”
For this reason, adding layers of security could potentially create inefficiencies, Wright explains, noting that there are a number of factors providers should consider to ensure the solution doesn’t “frustrate users, impede workflow or create barriers to patient care.”
He lays out the factors below as key considerations:
- Extensibility to meet all present and future authentication needs, inside and outside the hospital
- Security balanced with convenience to enable — not impede — patient care through:
- Embedded authentication workflows that tightly integrate with the EHR and other applications, medical devices, remote access gateways, virtual desktop platforms, and other systems
- Flexible, comprehensive portfolio of authentication methods
- Compliance with the highest standards regulating care, such as the DEA requirements for electronic prescriptions for controlled substances
- A platform built specifically for healthcare and its unique workflow needs
LEARN MORE: Discover how strong password policies can combat evolving threat actors.
How to Overcome Cultural Barriers to an MFA Implementation
While MFA systems are simple enough to integrate from an IT perspective, Wright notes that, as with many IT implementations, the culture is “where the hard work starts.”
“Unless you choose your MFA system wisely, you will be adding an additional step to the login process which your clinical and business partners won’t be thrilled with. Therefore, as an IT professional, it’s up to us to communicate the “why” of using MFA,” says Wright.
When seeking to communicate the importance of these systems, it helps to point to many of the recent breaches that have affected healthcare organizations and the impact these breaches have on the organizations themselves.
What’s most important, however, is that the implementation is seen as a collaboration between IT and staff in order to create a more secure healthcare environment.
“Your clinical and business partners should feel as if they’re making the MFA journey with the IT organization, not having something, once again, done to them by IT.”
As providers begin to overcome cultural barriers, eventually MFA will likely become the norm when it comes to healthcare authentication.
“Going forward, you’ll see 2FA and MFA playing the same role they play today: moving toward a password-free environment. The difference being, the lack of 2FA and MFA will be the exception, whereas today, those with 2FA and MFA are the exception,” says Wright.