Security Safeguards
Multi-Factor Authentication (MFA)
Requiring two or more independent factors to verify a user's identity.
Multi-Factor Authentication (MFA) requires a user to present two or more independent credentials, typically something they know (a password), something they have (a device or token), or something they are (a biometric), before access is granted.
While HIPAA does not name MFA explicitly, it is a widely expected control for satisfying authentication requirements and protecting ePHI, because it dramatically reduces the risk from stolen or guessed passwords.