On September 1st, two-factor authentication (aka multi-factor authentication) for practice users will no longer be optional. In conjunction with the updated user creation policy, 2FA/MFA helps protect you from an unknown person accessing your most valuable information – your patient health records.
To ensure a smooth transition, please make sure all users have an email and/or a cell phone number in their profile under Resource Setup. If you have not already started using 2FA/MFA in your practice, you will be prompted to reset your password on your first login using the new system. Have your current password on hand, as you will need it to create a new password.
Below you will find a webinar, infographic and FAQs. For assistance or more information regarding 2FA/MFA, please contact your account manager.
Two-Factor Authentication Webinar
We recently held three live webinar sessions that discussed 2FA/MFA and how it will impact your practice. View the on demand webinar if you were unable to attend.
If you have any questions that were not answered during the recorded session, please reach out to accountmanagement@wrshealth.com.
Click Image to View Webinar
Frequently Asked Questions
Q: Is two-factor authentication (2FA) mandatory?
Yes, due to an upcoming ONC security requirement, two-factor authentication is mandatory to gain access into the EHR.
Q: How does two-factor authentication work?
Pairing your standard login credentials with the verification code sent to your email or cell phone, you will be able to login securely into the EHR.
Q: Can the two-factor step be bypassed?
No, in order to gain access to the system you will need to utilize 2FA once per day.
Q: If my practice doesn’t have SMS can I still request codes via SMS?
Yes, so long as the practice user has a cell phone number on file, they will be able to receive codes via SMS.
Q: How do I log into multiple computers for one user?
Each device upon initial log in will require a code.
Q: Can I reuse codes?
No, codes cannot be reused. The codes become invalid:
- if not used within 5 minutes of receipt
- immediately upon use
Q: What if multiple users use one device? Do we all need a code each time?
If using the same device, each user only needs a code upon their initial log in for the day.
Q: How many times per day per device do I need to enter in a code?
One code is needed per user per device per day.
Q: How long is the code valid for?
Upon receipt of the code, you have 5 minutes to enter it into the system. It will remember your device for 18 hours.
Q: What if I don’t have access to my cell phone for the code via SMS?
You can opt for the code to be sent via email.
2FA Infographic
