News / Article

Two-Factor Authentication Goes into Effect

Rochester RHIO’s participants are required to provide two-factor, or multi-factor, authentication when logging into the Provider Portal. As a qualified entity (QE) of the SHIN-NY (Statewide Health Information Network of New York), this is a policy requirement from the New York State Department of Health. The change fulfills NYS' requirement that a Qualified Entity, like Rochester RHIO, authenticate platform users to the NIST Identity Assurance Level 2 (IAL 2).
Who is affected?
All RHIO Provider Portal users. RHIO Administrators and Data IT Administrators were enrolled last week as the first target group. The remaining Provider Portal users will be enrolled over the next few weeks. Once enabled for two-factor authentication, users are prompted to enroll with an authenticator application and enter a secondary code to launch into the portal.
Which authenticator code applications are acceptable?
The authenticator code applications supported by Rochester RHIO are Google Authenticator, Cisco Duo, Authy, and Microsoft Authenticator. Any other applications may be used as long as they accept a QR code or secret key for enrollment.
Are there other alternatives?
As an alternative, Rochester RHIO is offering a Trusted Site Program. Organizations that are interested will go through a security assessment and if approved, Rochester RHIO works with the organization to set up alternate authentication to log in to the Provider Portal from a trusted IP Address. Fees are associated with Trusted Site participation and annual re-attesting is required.
For more information on the Trusted Site Program, contact your Regional Account Manager directly. For additional two-factor authentication information, contact RHIO Support at 1-877-865-RHIO.