{"id":50053,"date":"2019-02-20T00:00:00","date_gmt":"2019-02-20T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/"},"modified":"2023-08-25T13:57:46","modified_gmt":"2023-08-25T13:57:46","slug":"two-factor-authentication-a-top-priority-for-hipaa-compliance","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761","title":{"rendered":"Two-Factor Authentication: A Top Priority for HIPAA Compliance"},"content":{"rendered":"<p>The traditional login process with a <a href=\"\/definition\/4153\/username\" target=\"_blank\">username<\/a> and <a href=\"\/definition\/4042\/password\" target=\"_blank\">password<\/a> is insufficient in an increasingly hostile healthcare data environment. <a href=\"\/definition\/13699\/twofactor-authentication\" target=\"_blank\">Two-factor authentication<\/a> (2FA) has become increasingly important. While the technology is not mandatory under <a href=\"\/definition\/2911\/health-insurance-portability-and-accountability-act-hipaa\" target=\"_blank\">HIPAA<\/a>, HIPAA Journal noted that it is a smart way to go from a compliance perspective \u2013 actually <a href=\"https:\/\/www.hipaajournal.com\/hipaa-password-requirements\/\" target=\"_blank\" rel=\"noopener noreferrer\">calling the method<\/a> &#8220;the best way to comply with the HIPAA password requirements.&#8221; (To learn more about 2FA, see <a href=\"\/2\/29369\/security\/the-basics-of-two-factor-authentication\" target=\"_blank\">The Basics of Two-Factor Authentication<\/a>.)<\/p>\n<p>An interesting thing about 2FA (sometimes expanded into <a href=\"\/definition\/13657\/multi-factor-authentication-mfa\" target=\"_blank\">multi-factor authentication<\/a>, MFA) is that it is in place at many healthcare organizations \u2013 but for other forms of compliance, including the Drug Enforcement Administration&#8217;s <a href=\"https:\/\/www.deadiversion.usdoj.gov\/ecomm\/e_rx\/faq\/practitioners.htm\" target=\"_blank\" rel=\"noopener noreferrer\">Electronic Prescription for Controlled Substances Rules<\/a> and the <a href=\"https:\/\/www.pcisecuritystandards.org\/document_library\" target=\"_blank\" rel=\"noopener noreferrer\">Payment Card Industry Data Security Standard<\/a> (PCI DSS). The former is the basic guidelines to be used in prescribing any controlled substances electronically \u2013 a set of rules that is parallel to the HIPAA Security Rule in specifically addressing technological safeguards to protect patient information. The latter is actually a payment card industry regulation that governs how any data associated with card payments must be protected to avoid fines from major credit card companies.<\/p>\n<p>The EU&#8217;s <a href=\"\/definition\/32263\/general-data-protection-regulation-gdpr\" target=\"_blank\">General Data Protection Regulation<\/a> draws the concern with 2FA into even greater focus throughout the industry, given its additional oversight and fines (and its applicability to any organization that handles European individuals&#8217; personal data).<\/p>\n<h2><span id=\"2fa_long_trusted_by_federal_regulators\">2FA Long Trusted by Federal Regulators<\/span><\/h2>\n<p>Two-factor authentication has been recommended by the HHS Department&#8217;s Office for Civil Rights (OCR) for many years. In 2006, the HHS was already recommending 2FA as a best practice for <a href=\"https:\/\/www.atlantic.net\/hipaa-compliant-hosting\/hipaa-compliance-e-book\/\" target=\"_blank\" rel=\"noopener noreferrer\">HIPAA compliance<\/a>, naming it as the first method to address the risk of password theft which could, in turn, lead to the unauthorized viewing of ePHI. In a December 2006 document, <a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/ocr\/privacy\/hipaa\/administrative\/securityrule\/remoteuse.pdf?language=es\" target=\"_blank\" rel=\"noopener noreferrer\">HIPAA Security Guidance<\/a>, the HHS suggested that the password theft risk is addressed with two key strategies: 2FA, along with the implementation of a technical process for the creation of unique usernames and <a href=\"\/definition\/342\/authentication\" target=\"_blank\">authentication<\/a> of remote employee access.<\/p>\n<h2><span id=\"study_two-factor_authentication_underused_for_hipaa\">Study: Two-Factor Authentication Underused for HIPAA<\/span><\/h2>\n<p>The Office of the National Coordinator for Health Information Technology (ONC) has shown its specific concern with this technology through its &#8220;ONC Data Brief 32&#8221; from November 2015, which covered adoption trends of 2FA by acute-care hospitals around the country. The report was on how many of these institutions had the capability for 2FA (i.e., the <em>capability<\/em> for the user to adopt it, as opposed to a <em>requirement<\/em> for it). At that point, in 2014, it certainly made sense that the regulators were pushing it, given that less than half the study group had it implemented, although with numbers rising:<\/p>\n<p>\u25cf 2010 \u2013 32%<\/p>\n<p>\u25cf 2011 \u2013 35%<\/p>\n<p>\u25cf 2012 \u2013 40%<\/p>\n<p>\u25cf 2013 \u2013 44%<\/p>\n<p>\u25cf 2014 \u2013 49%<\/p>\n<p>Certainly, 2FA has been more widely adopted since that point \u2013 but it is not ubiquitous.<\/p>\n<h2><span id=\"2fa_documentation_is_required\">2FA Documentation IS Required<\/span><\/h2>\n<p>Another aspect that is important to note is the need for paperwork \u2013 which is critical if you end up getting investigated by federal auditors while also fulfilling <a href=\"\/definition\/16522\/risk-analysis\" target=\"_blank\">risk analysis<\/a> requirements, provided that you include that discussion. Documentation is necessary since the password rules are listed as <em>addressable<\/em> \u2013 meaning (as ridiculous as it may sound) to provide documented reasoning for using this best practice. In other words, you do not have to implement 2FA but must explain why if you do.<\/p>\n<h2><span id=\"2fa_software_does_not_itself_need_hipaa_compliance\">2FA Software Does Not Itself Need HIPAA Compliance<\/span><\/h2>\n<p>One of the biggest challenges with 2FA is that it is inherently inefficient since it adds a step to a process. Actually, though, the concern that 2FA slows healthcare down has been allayed, to a great deal, by the surge of <a href=\"\/definition\/4106\/single-sign-on-sso\" target=\"_blank\">single sign-on<\/a> and <a href=\"\/definition\/2439\/lightweight-directory-access-protocol-ldap\" target=\"_blank\">LDAP<\/a> integration functions for integrated authentication between healthcare systems.<\/p>\n<p>As noted in the header, 2FA software itself does not (humorously enough, since it&#8217;s so critical to compliance) need to be HIPAA-compliant since it transmits <a href=\"\/definition\/12128\/personal-identification-number-pin\" target=\"_blank\">PINs<\/a> but not <a href=\"\/definition\/25025\/protected-health-information-phi\" target=\"_blank\">PHI<\/a>. While you can choose alternatives in lieu of two-factor authentication, top divergent strategies \u2013 <a href=\"https:\/\/www.techopedia.com\/password-manager\/best-password-managers\">password management tools<\/a> and policies of frequent password changes \u2013 are not as easy a way to comply with HIPAA password requirements. &#8220;Effectively,&#8221; noted HIPAA Journal, &#8220;Covered Entities never need to change a password again&#8221; if they implement 2FA. (For more on authentication, check out <a href=\"\/2\/31957\/trends\/big-data\/how-big-data-can-secure-user-authentication\" target=\"_blank\">How Big Data Can Secure User Authentication<\/a>.)<\/p>\n<h2><span id=\"hipaa_objective_ongoing_risk_mitigation\">HIPAA Objective: Ongoing Risk Mitigation<\/span><\/h2>\n<p>The importance of using strong and experienced hosting and <a href=\"\/definition\/143\/managed-service-provider-msp\" target=\"_blank\">managed service providers<\/a> is underscored by the need to go beyond 2FA with a comprehensive compliant posture. That&#8217;s because 2FA is far from infallible; ways that <a href=\"\/definition\/3805\/hacker\" target=\"_blank\">hackers<\/a> can get around it <a href=\"https:\/\/www.infosecurity-magazine.com\/blogs\/healthcare-rely-2fa\/\" target=\"_blank\" rel=\"noopener noreferrer\">include the following<\/a>:<\/p>\n<p>\u25cf Push-to-accept <a href=\"\/definition\/4015\/malicious-software-malware\" target=\"_blank\">malware<\/a> that pummels users with \u201cAccept\u201d messages until they finally click it in frustration<\/p>\n<p>\u25cf SMS one-time password scraping programs<\/p>\n<p>\u25cf <a href=\"\/definition\/33521\/sim-swap-scam\" target=\"_blank\">SIM card fraud<\/a> via <a href=\"\/definition\/4115\/social-engineering\" target=\"_blank\">social engineering<\/a> to port phone numbers<\/p>\n<p>\u25cf Leveraging mobile carrier networks for voice and SMS interception<\/p>\n<p>\u25cf Efforts that convince users to click bogus links or log into <a href=\"\/definition\/4049\/phishing\" target=\"_blank\">phishing<\/a> sites \u2013 handing over their login details directly<\/p>\n<p>But do not despair. <a href=\"https:\/\/www.gillware.com\/data-recovery-company\/2fa-cyberspace-safety\/\" target=\"_blank\" rel=\"noopener noreferrer\">Two-factor authentication is just one<\/a> of the methods you need in place to meet the parameters of the Security Rule and maintain a HIPAA-compliant ecosystem. Any steps taken to better protect information should be seen as risk mitigation, continually bolstering your efforts at confidentiality, availability, and integrity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The traditional login process with a username and password is insufficient in an increasingly hostile healthcare data environment. Two-factor authentication (2FA) has become increasingly important. While the technology is not mandatory under HIPAA, HIPAA Journal noted that it is a smart way to go from a compliance perspective \u2013 actually calling the method &#8220;the best [&hellip;]<\/p>\n","protected":false},"author":7767,"featured_media":50054,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"no","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[548,583,560],"tags":[],"category_partsoff":[],"class_list":["post-50053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-healthcare-it","category-privacy-and-compliance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.8 (Yoast SEO v23.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Two-Factor Authentication: A Top Priority for HIPAA Compliance - Techopedia<\/title>\n<meta name=\"description\" content=\"Although two-factor authentication is not required for HIPAA, it can help pave the way to HIPAA compliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Two-Factor Authentication: A Top Priority for HIPAA Compliance\" \/>\n<meta property=\"og:description\" content=\"Although two-factor authentication is not required for HIPAA, it can help pave the way to HIPAA compliance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-20T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-25T13:57:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marty Puranik\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techopedia\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marty Puranik\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\"},\"author\":{\"name\":\"Marty Puranik\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/f8533b2216aef6b038a70db8ef906121\"},\"headline\":\"Two-Factor Authentication: A Top Priority for HIPAA Compliance\",\"datePublished\":\"2019-02-20T00:00:00+00:00\",\"dateModified\":\"2023-08-25T13:57:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\"},\"wordCount\":852,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\",\"url\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\",\"name\":\"Two-Factor Authentication: A Top Priority for HIPAA Compliance - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg\",\"datePublished\":\"2019-02-20T00:00:00+00:00\",\"dateModified\":\"2023-08-25T13:57:46+00:00\",\"description\":\"Although two-factor authentication is not required for HIPAA, it can help pave the way to HIPAA compliance.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg\",\"caption\":\"CreativaImages\/iStockphoto\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Two-Factor Authentication: A Top Priority for HIPAA Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"width\":209,\"height\":37,\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/f8533b2216aef6b038a70db8ef906121\",\"name\":\"Marty Puranik\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/marty-puranik.png\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/marty-puranik.png\",\"caption\":\"Marty Puranik\"},\"description\":\"Marty Puranik co-founded Atlantic.Net from his dorm room at the University of Florida in 1994. As CEO and President of Atlantic.Net, one of the first Internet Service Providers in America, Marty grew the company from a small ISP to a large regional player in the region, while observing America's regulatory environment limit competition and increase prices on consumers. To keep pace with a changing industry, over the years he has led Atlantic.Net through the acquisition of 16 Internet companies, tripling the company's revenues and establishing customer relationships in more than 100 countries. Providing cutting-edge cloud hosting before the mainstream did, Atlantic.Net has expanded to eight data centers in three countries.\",\"sameAs\":[\"https:\/\/www.atlantic.net\/\"],\"knowsAbout\":[\"CEO and President of Atlantic.Net\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/marty-puranik\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Two-Factor Authentication: A Top Priority for HIPAA Compliance - Techopedia","description":"Although two-factor authentication is not required for HIPAA, it can help pave the way to HIPAA compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761","og_locale":"en_US","og_type":"article","og_title":"Two-Factor Authentication: A Top Priority for HIPAA Compliance","og_description":"Although two-factor authentication is not required for HIPAA, it can help pave the way to HIPAA compliance.","og_url":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2019-02-20T00:00:00+00:00","article_modified_time":"2023-08-25T13:57:46+00:00","og_image":[{"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg","width":1,"height":1,"type":"image\/jpeg"}],"author":"Marty Puranik","twitter_card":"summary_large_image","twitter_creator":"@techopedia","twitter_site":"@techopedia","twitter_misc":{"Written by":"Marty Puranik","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761"},"author":{"name":"Marty Puranik","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/f8533b2216aef6b038a70db8ef906121"},"headline":"Two-Factor Authentication: A Top Priority for HIPAA Compliance","datePublished":"2019-02-20T00:00:00+00:00","dateModified":"2023-08-25T13:57:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761"},"wordCount":852,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761","url":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761","name":"Two-Factor Authentication: A Top Priority for HIPAA Compliance - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg","datePublished":"2019-02-20T00:00:00+00:00","dateModified":"2023-08-25T13:57:46+00:00","description":"Although two-factor authentication is not required for HIPAA, it can help pave the way to HIPAA compliance.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/computer-electronics-laptop-pc-keyboard-console-1.jpg","caption":"CreativaImages\/iStockphoto"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/two-factor-authentication-a-top-priority-for-hipaa-compliance\/2\/33761#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Two-Factor Authentication: A Top Priority for HIPAA Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","width":209,"height":37,"caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/f8533b2216aef6b038a70db8ef906121","name":"Marty Puranik","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/marty-puranik.png","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/marty-puranik.png","caption":"Marty Puranik"},"description":"Marty Puranik co-founded Atlantic.Net from his dorm room at the University of Florida in 1994. As CEO and President of Atlantic.Net, one of the first Internet Service Providers in America, Marty grew the company from a small ISP to a large regional player in the region, while observing America's regulatory environment limit competition and increase prices on consumers. To keep pace with a changing industry, over the years he has led Atlantic.Net through the acquisition of 16 Internet companies, tripling the company's revenues and establishing customer relationships in more than 100 countries. Providing cutting-edge cloud hosting before the mainstream did, Atlantic.Net has expanded to eight data centers in three countries.","sameAs":["https:\/\/www.atlantic.net\/"],"knowsAbout":["CEO and President of Atlantic.Net"],"url":"https:\/\/www.techopedia.com\/contributors\/marty-puranik"}]}},"modified_by":"Amy Clark","_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/50053"}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/7767"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=50053"}],"version-history":[{"count":0,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/50053\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/50054"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=50053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=50053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=50053"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=50053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}