Two-Factor Authentication (2FA) for the U of U Health Plans Provider Portal is critical for protecting sensitive data and Protected Health Information (PHI), ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA), building trust with members, and providing additional defense against phishing and compromised credentials.
PROTECTING SENSITIVE DATA
Health records are among the most valuable targets for cybercriminals, as they contain a wealth of personal and financial information. 2FA adds a necessary layer of security to safeguard members' PHI from unauthorized access.
Proactively protecting member data with strong security measures like 2FA reassures patients that their sensitive information is being handled responsibly, which helps maintain confidence in the organization.
Even if an individual falls for a phishing scam and a hacker obtains their username and password, the hacker cannot log in without the second factor (e.g., a one-time code sent to the individual's phone). 2FA is an effective safeguard against automated cyberattacks.
The majority of data breaches are the result of poor password practices or stolen credentials. 2FA makes stolen passwords useless on their own.
WHAT IS 2FA?
2FA adds an extra layer of security by requiring users to verify their identity using two methods: something they know (like a password) and something they have (like access to an email account or authentication app). This helps protect accounts even if the password is compromised.
The Provider Portal’s 2FA allows users to select a secondary method of authentication by receiving an email, an SMS/Text message, or using a third-party authenticator app such as Google Authenticator or Duo.
WHAT DO I NEED TO DO?
For Both Existing Users and New Users: When 2FA is enabled in the Provider Portal, you will be prompted to add or confirm your mobile number and email address. The prompt will appear immediately after successfully entering your username and password.
Select Your Authentication Method:
Text Messages (Optional), and/or
Email Authentication (Required)
Once you select a 2FA method, that method will be used for future logins.
NOTE: The setup screen will not be displayed for future logins unless 2FA is reset by or for the user.
WHAT HAPPENS NEXT?
Whether TEXT or EMAIL is selected, you will receive a message: “Please use security code XXXXXX to log in to your health plan portal account.”
The code will be a 6-digit number.
If there is a delay in entering the code, you can simply resend the authentication code.
UPDATING CONTACT INFORMATION
Once logged in, you can update the 2FA contact information by navigating to: RESOURCES > COMMUNICATION PREFERENCES > HEALTH PLAN COMMUNICATION PREFERENCES and selecting “Edit Contact Details.”
