In Denmark, we use NemID or MitID to digitally identify ourselves almost everywhere. The same applies in several workplaces. Health professionals, i.e., medical centers, hospitals, psychologists, etc., have been able to access systems by only entering a username and password. However, according to the Danish Agency for Digitization’s National Standard for Identity Security Levels (NSIS), health professionals must use multi-factor authentication by the end of 2022 to increase safety.
"It’s an excellent initiative and of course necessary. But how do you manage to access systems 50 times a day and spend extra time on identification without taking time away from patients? That is the question that management and employees ask themselves. Today, clinicians in a hospital spend up to 65% of their working day on tasks that are not patient-oriented," says Thomas Lehmann, Head of Digital Health, Danoffice IT.
The same scenario is played out in the municipalities. If you sit behind the screen most of the day, you can use the mobile phone, which is the most frequent method of multi-factor authentication. Employees log on in the morning and when they return to the screen after a meeting or lunch break. But a home helper or care assistant who looks after patients and the elderly in their homes must identify themselves many times during the day. And to identify yourself with two separate mobile devices, which is what NSIS requires, is very difficult.
Employees Must Be ID Verified
Conecto is rolling out multi-factor authentication at Danish hospitals based on no-password technologies. FIDO2 is a new ID card that authenticates employees in less than one second. All it takes is a beep and a PIN code.
"This new ID card resembles MitID as you have to prove who you are. There must be a burden of proof. Therefore, most workers must use their private NemID or MitID before receiving the card. This boost security immensely when they access patients’ sensitive data," says Thomas Lehmann.
The new requirement for multi-factor authentication in the health service alone affects 250,000 people in Denmark. And it will, according to Thomas Lehmann, set a precedent for jobs in other sectors.
"The requirements for security will continue to increase, but new technologies will be developed to handle authentication quickly and easily. The major problem is, in fact, if IT does not listen to the needs of the users and therefore does not implement a solution that is at eye level with IT users. The result will be that they find shortcuts and bypass safety. It's human nature and common in a busy work environment," he says.