Get Live Chat Request a Callback Get live demo

Multi-factor authentication will soon be available everywhere your patients’ personal health information can be accessed.

Over the next few months, we’ll be adding multi-factor authentication (MFA) as a new step in the login process to our platform for you and your patients. “Multi-factor” means you and your patients will be required to provide two or more verification factors to gain access to any AdvancedMD technology. This security measure adds an extra layer of protection for account login credentials and healthcare data.

Practice & Patient-side Multi-factor Authentication

You trust us to keep your practice’s clinical and financial data secure. It’s why we stay on the forefront of security innovation. This extra level of security is an added benefit to both you and your patients. Here’s how MFA is being implemented for you and your patients.

All AdvancedMD technologies you and your staff utilize are part of the MFA rollout. Using MFA within AdvancedMD has been an optional feature for our clients up to now. Coming this Summer 2021, you will be prompted and required to take steps to set up your MFA. Technologies include all desktop applications as well as mobile.

In the weeks ahead, when patients log in to your online portal, they will be prompted to take steps to set up their MFA.

Information Security Management

AdvancedMD operates an information security management program that generally adheres to ISO 27001 standards. This program consists of a multidisciplinary risk management approach to continually refine our security posture. We include multiple layers of protection in AdvancedMD products and business processes, as well as technical infrastructures.

Annual Risk Assessment

Risk assessments are conducted at least yearly on the AdvancedMD infrastructure, business processes and other areas where ePHI could be disclosed. Findings from such assessments are used to make risk management decisions on how to reduce risk to an acceptable level. Risk assessment processes focus on areas of the business and technology operations where ePHI may be vulnerable to unauthorized access, disclosure, destruction or other loss of confidentiality, integrity or availability.

Results from risk assessments are grouped into findings that are then classified and categorized by level of risk. The determination of risk takes into account the information gathered and determinations made by analyzing the likelihood of a threat and the resulting impacts of a threat. Findings are then grouped into risk issues and are documented and tracked through to an acceptable remediation.

Man on a laptop and tablet viewing a statistic

Security Program Overview

We assign security responsibility to dedicated security and privacy officers. A cross-department compliance committee meets regularly to ensure compliance with all applicable laws and regulations (including HIPAA/HITECH and Meaningful Use). We document HIPAA policies and procedures. We require employee-wide HIPAA and security awareness training.

Technical Safeguards

We employ multiple layers of technical safeguards in our security. These include hardened network and operating systems, DMZs (multi-tiered firewalls and routers), intrusion detection systems (IDS), deep packet inspection (DPI) technologies, system policy and configuration management solutions, data loss prevention (DLP) technologies, secure, encrypted electronic communications, access, utilization, audit and event monitoring, logging and trend correlation, encryption of all transmitted information, network and application vulnerability scanning, application penetration testing, technical security assessments (internally and by 3rd parties), identity management, virus protection, and technical security training and awareness.

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“[Our] patients are very well-educated and well-informed, and they want to see results quickly. The practice has to run extremely efficiently and be accessible to them. The nice thing about [AdvancedMD] is it has allowed me to be more efficient both in and out of the office. Now I don’t have to come back into the office, which is great for my family and everything else. It saves me a lot of time – probably an hour a day on the three days I work in the second office.”

Keith Berkowitz, MD
Center for Balanced Health

Read the story  ›
Estaban Lavato, MD - La Loma Medical Center

“The best thing I ever did in private practice was getting AdvancedMD—it has liberated me.”

Estaban Lavato, MD
La Loma Medical Center

“Having integrated practice management and EHR is absolutely wonderful, you don’t have to flip back and forth between systems—all of your information is at hand when needed.”

Raju Raval, MD

Read the story  ›