When is Therabill going to add two-factor authentication? I have been bringing this issue up for many years. Therabill is really behind the times on a basic security issue, which is shocking given that this is a medical platform requiring high security for hipaa compliance. All Therabill users are at risk should a bad actor get their hands on a password. I called about this and was told "Well Therabill is hipaa compliant," and while that may be true, everything that is achieved securitywise under hipaa becomes undone if a password gets out; despite this fact, Therabill is doing nothing to protect PHI under the simple yet common occurrence of a stolen password. How much longer are you going to put this off? I was also offered the "solution" of listing only certain IP addresses for users, but this is highly inconvenient for my staff and really doesn't address this basic security risk. Please note that Availity, which has long had 2FA, is now upping things to include use of an Authenticator app (see screenshot, attached). Why is Therabill so behind the times on this? Every other EHR I explore has this feature; however, I otherwise like Therabill and would prefer not to switch EHRs. Early this year I was told that this would be done in 2025; what is the update and when will this be added? All users should be concerned about this, and we need to be given a timeline by which this will be instituted.
WebPT may use your submission for any purpose without obligation or restriction of any kind.
WebPT Terms and Conditions WebPT Privacy Policy