The Smart Card Alliance is urging the Department of Health and Human Services to have organizations that provide personal health records offer two-factor authenication to consumers so they can securely access the information.

These strong authentication options, such as smart cards, tokens or one-time password devices, should be required in order to access information in electronic personal health records.

Using a combination of something you know —username/password or personal identification number— along with something you have, such as a smart card or hardware token, and something you are —a biometric such as a fingerprint— will provide high assurance that the person is who he or she claims to be.

---

Related articles:

Health Care’s Identity Crisis Smart Health Cards: HIPAA and Beyond Card technology in healthcare: HIPAA and beyond