Duo’s Two-Factor: Easier than Tokens
One of Duo Security’s first customers includes the Central Ohio Primary Care Physicians (COPCP) medical group. As one of the largest physician-owned primary care groups in the United States, COPCP includes nearly 200 outpatient providers and 50 hospitalists.
With so many different locations and employees, the medical group needed a way to protect remote access to their systems and patient data. To overcome this security challenge, they turned to Duo Security’s two-factor authentication solution.
Duo’s Two-Factor: Easier than Tokens
Mike, one of COPCP’s former physicians and owners, called Steve, their former CIO, to rave about his experience switching to Duo’s two-factor authentication solution from a token-based solution. Watch the video above to hear the voicemail, and read the voicemail transcribed:
Steve (former CIO) this is Mike (former Physician & Owner) calling.
I did switch to that Trusted Path and used it today...and it worked perfect...and you're right, it was easy to do.
It looks like it was a good move..easier than that token. Ok, thanks again for your help. Talk to you later.
Trusted Path was an internal name for Duo’s two-factor solution. Steve remarked on how unusual it was for physicians to call out a specific security technology for their ease of use - Duo Security’s two-factor was a first! Duo’s two-factor makes it easy for end users to authenticate, without disrupting workflows.
Ease of Usability
One issue that physicians face with using two-factor is ease of usability. Physicians don’t want to carry around extra physical devices, especially when working at multiple locations, with each location requiring a unique device to authenticate.
By using Duo’s two-factor solution, physicians only need one device - their personal phones - to authenticate across multiple locations. With Duo Mobile, our free mobile app, authenticating is as easy as pressing the Approve button on a push notification (Duo Push).
Although Duo supports a variety of authentication methods, Duo Push offers an option to eliminate the need to carry around hardware tokens, or type in passcodes or wait for a phone call to verify user identity.
Two-Factor for HIPAA Compliance
Two-factor authentication can also help your healthcare organization meet HIPAA compliance by satisfying federal requirements to:
Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. - 164.312(d) Technical Safeguards of the Security Standards for the Protection of ePHI, HHS.gov
Within the HIPAA Security Rule recommendations for mitigating loss or theft of login data, the Dept. of Health and Human Services also specifically suggests that healthcare organizations implement two-factor authentication for granting remote access to systems (HIPAA Security Rule Guidance for Remote Use (PDF), HHS.gov).
To read more about Duo Security’s successful implementations with various different clients spanning the healthcare, tech, retail, academic and other industries, visit Success Stories.