Two factor authentication
Answered
Are there plans to put two-factor authentication in place to secure the therapist's account in addition to using a password?
-
Hi Zankhana,
I see that you were able to call our Customer Success team and receive an answer on this question.
Two-factor authentication is something that does appear on our Ideas and Suggestions board quite often. We highly encourage our SimplePractice Community to post and vote on feedback so that we can continue to improve our platform.
-
Zankhana brings up a really good point. I am a clinician who prides myself on keeping my clients' data as secure as possible (using encrypted email such as Paubox or Virtru, etc.). I recently started my trial of SimplePractice (currently using Therapy Notes and Therapy Appointment; both programs use two-factor authentication). While there are pros and cons to many of these systems, I was very surprised to see SimplePractice not using two-factor authentication. It otherwise seems like a solid program and serves many of my needs lacking in the other two programs I have been using; however, I am not so sure this is a compromise I will be able to make when my trial period ends. It is concerning, as my paid Google Workspace account also uses two-factor authentication. It does not sound to me as if this should be a feature to be voted upon, but implemented as best practice (or giving it as an option, at a minimum). I would be very surprised if this area of the HIPAA security rule would not be explored should there ever be a breach (risk analysis of the practice). Perhaps there is something the developers of SimplePractice can explain that I am not aware of?
From the link below:
https://www.healthit.gov/sites/default/files/briefs/oncdatabrief32_two-factor_authent_trends.pdf
"The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to verify that a person seeking access to electronic protected health information (ePHI) has authorization (1). Two-factor authentication can satisfy this HIPAA requirement."
Additional information:
https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf
Post is closed for comments.