What is MFA/2FA, and why is it mandatory?

In this guide, we will cover how to enable multi-factor authentication and why it is important for the security of PHI. Multifactor Authentication, or MFA/2FA for short, is the process of requiring two forms of authentication to log in. It typically combines something you know (like a password), something you have (such as a phone or authentication device), or something you are (like a fingerprint or facial recognition). MFA is important because it adds an extra layer of protection beyond just a password, making it much harder for unauthorized users to gain access, even if they have obtained one of your login credentials. This helps reduce the risk of data breaches and improves overall security.

 

What are the required steps to authenticate MFA using email and or text messages?

1. Log in to eClinicalWorks.

2. Click the user profile (your initials) and then click the gear icon. The User Profile window opens.

3. In the Email ID and Messenger (Mobile Number) fields, validate the information, and then

click the Verify button:



4. Once verified, ecw will be able to send a code to your email or cell phone. After your next login, you will be prompted to enter a code sent to you. Input the code you receive correctly, and you will be able to successfully log into the EMR.

 

What are the required steps to authenticate MFA using app-based authentication?

1. Log in to eClinicalWorks. A QR Code should appear in the security Verification window.

2. Scan the QR Code using the Google Authenticator App or the Microsoft Authenticator App. 

(These Apps can be downloaded from the Google Play Store for Android devices and the Apple App Store for iPhones.

 


3. A six-digit code should display on the app. In the Authentication Code field, enter the app-generated code and then click the Submit button.

4. Upon successful authentication, you should receive the following email at login:



5. Click “Yes, it’s me” to successfully log in. 

Note: If you receive this message and you were not trying to log in, click “No, It’s not me” and contact support@primarycarecoalition.org immediately.