Welcome to Protecting Your Practice, a series of articles from Empathic Software dedicated to educating mental health providers about the importance of cybersecurity and simple steps you can take to keep your data safe.
In this article, we'll be discussing multi-factor authentication (MFA), a simple but highly effective safeguard against would-be cybercriminals.
Cybersecurity in Mental Healthcare
Protected Health Information (PHI) is extremely valuable. Hackers can use stolen client data to make false medical claims, purchase prescriptions, and even receive treatment. In fact, it is estimated that PHI is 10-15 times more valuable than credit card data on the dark web.
With the increase of digital healthcare services stemming from the COVID-19 pandemic, PHI cyberattacks have also risen drastically in recent years. In January 2021 alone, 878 million healthcare records were breached — more than in all of 2017.
More recently, the February 2024 cyberattack on Change Healthcare disrupted over 20,000 claims. For months, providers across the healthcare industry were left struggling to bill for their services, while patients faced challenges while trying to fill essential prescriptions.
With cybercrime in the healthcare sector showing no signs of slowing down, it is imperative that providers take steps to protect their practice and clients.
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) involves using more than one method of user verification. This adds another layer of security to your accounts if your passwords are compromised.
Generally speaking, there are three steps involved in MFA:
1. Enter your login credentials on your primary device (e.g. laptop)
2. Receive a unique code on a secondary device (e.g. cell phone)
3. Enter the unique code on the primary device to confirm login
Multi-factor authentication combines something you know (your password) with something you have (your secondary device). This means that even if a cybercriminal gains access to your password, they can't access the system itself without also having access to your secondary device.
Integrating Multi-Factor Authentication Into Your Practice
Depending on the technology your practice utilizes in its day-to-day operations, there may be several opportunities to fortify your data using multi-factor authentication.
Electronic Health Record (EHR) software: Your EHR holds various kinds of valuable PHI, including credit card data, insurance coverage information, and session notes. Check to see if your EHR has MFA capabilities and set it up as soon as possible.
Client portals: A client portal is an increasingly popular tool used to create a seamless and positive client experience in all aspects of their care. Client portals can help facilitate client-provider communications, manage online appointment scheduling, and store uploaded client documentation such as intake forms and Releases of Information (ROI). Having clients complete MFA measures upon signing into their portal adds another layer of security for this sensitive information.
Telehealth platforms: More than half of all therapy sessions take place remotely. If you utilize a telehealth platform, MFA can ensure that only authorized parties are able to access your sessions.
Multi-factor authentication may add a few seconds to your login process, but knowing that your data is safe from cyberattack is invaluable. As technology continues to evolve, it's more important than ever that mental health providers stay vigilant in their commitment to PHI protection.
Empathic Software is a HIPAA-compliant EHR and mental health billing company that utilizes multi-factor authentication as one of several security measures. If you're interested in learning more about protecting your practice with Empathic, contact our team today for a free consultation.