Data Security

OCR urges implementation of robust authentication in healthcare

The Department of Health and Human Services Office for Civil Rights (OCR) has urged healthcare organizations across the U.S. to implement strong authentication measures in an effort to prevent data breaches and ensure continued compliance with the Health Insurance Portability and Accountability Act, reports HealthITSecurity. While the OCR called for the adoption of multi-factor authentication, it emphasized the importance of phishing-resistant MFA, which has been recommended by the Cybersecurity and Infrastructure Security Agency. The advisory comes after the OCR fined Banner Health for failing to adequately secure protected health information. "HIPAA-regulated entities are required to implement authentication solutions of sufficient strength to ensure the confidentiality, integrity, and availability of their ePHI. A regulated entity's risk analysis should guide its implementation of authentication solutions to ensure that ePHI is appropriately protected. As a best practice, regulated entities should consider implementing multi-factor authentication solutions, including phishing-resistant multi-factor authentication, where appropriate to improve the security of ePHI and to best protect their information systems from cyberattacks," said the OCR.
