As your trusted partner in whole person care, Fullscript has always made protecting practitioner and patient data a top priority. This has meant continually reviewing our platform and implementing best-in-class security measures over the years. Fullscript is committed to going above and beyond to help keep your and your patients’ information safe.
Here’s a quick look at some of the standards and protocols we’ve committed to:
- SOC 2 Type II Compliance: Demonstrating our commitment to managing your data securely and protecting the privacy of sensitive information.
- PCI DSS Compliance: Ensuring secure payment processing and protecting financial information.
- Independent HIPAA Assessments: Regular evaluations to ensure we meet HIPAA standards for protecting patient health information.
- Regular Third-Party Security Testing: Partnering with independent experts to identify and mitigate potential vulnerabilities.
The pivot to mandatory Multi-Factor Authentication (MFA)
As part of our mission to go above and beyond modern security protocols, Fullscript is introducing mandatory multi-factor authentication (MFA) for all practitioner and clerk accounts by early 2025. This added layer of protection greatly enhances account security and further safeguards your practice and patient data.
MFA is a proactive step forward, aligning with industry best practices and showing our commitment to being a responsible partner for your practice. MFA has been available to you on Fullscript for some time, but is now mandated. We’ve added functionality to the MFA experience that maintains high security standards while providing customers with convenience and speed, including the ability to verify with multiple methods like email and text message, as well as a “trust this device” option that limits the need to verify every time.
MFA: A small step with big security benefits
Multi-factor authentication (MFA) significantly reduces the risk of unauthorized account access, even if your password becomes compromised outside of our system. It combines something you know (your password) with something you have (a device), adding an additional barrier for potential threats.
- Over 99.99% of MFA-enabled accounts remain secure during security investigations.
- MFA reduces the risk of compromise by over 99%, even in cases where credentials have been leaked.
By enabling MFA, you’re making a small change that delivers major security benefits for you and your patients.
FAQ: Fullscript’s New MFA Requirement
What is MFA, and how does it work?
MFA stands for multi-factor authentication. After entering your password, you’ll verify your identity using a unique code sent to your mobile device or verification app. You will be prompted for this code immediately upon sign-in, and the entire verification process takes seconds.
How long does it take to set up?
Setting up MFA typically takes less than two minutes. The process is simple and guided step-by-step within your Fullscript account. For more information, see our step-by-step guide.
What happens if I don’t set up MFA by my cutoff date?
In the New Year, we’ll be rolling this mandatory requirement out to our customers. Once it becomes mandatory for you, you won’t be able to access your Fullscript account until MFA is enabled. We will notify you by email of your enrollment date.
Can I opt out of MFA?
MFA will be mandatory for all Fullscript practitioner and clerk accounts. We are taking proactive measures to ensure we’re aligned with robust security standards, keeping the protection of sensitive practitioner and patient data our top priority.
What if I lose access to my MFA device?
If you lose access to your MFA device, you can recover your account by following the recovery steps provided in the login screen or contacting our support team.
Can I set something up to avoid going through authentication every time I log in?
Yes, Fullscript offers a “trust this device” option. When enabled, this feature allows you to skip the MFA process on that device in the future. However, you will still need to log in with your password to maintain security.
What types of MFA options are available?
Fullscript supports two MFA methods, including:
- SMS: We’ll send a text with a verification code to the number associated with the account.
- Verification app (recommended): Download a verification app, such as Google Authenticator, Microsoft Authenticator, LastPass Authenticator, or Twilio Authy Authenticator, to receive one-time login codes.
- Email: You’ll receive a one-time code at the primary email associated with your account. This code will need to be entered into the authenticator when logging in to Fullscript.
Will it be mandatory for patients to set up MFA?
Patients currently have access to MFA. We’re starting this mandatory process with our practitioner and clerk customers first.
Can I set up 2-step verification for my staff or my patients?
No, each user, whether a sub-practitioner or a clerk using a staff account, will need to set up MFA for their own account.
How do I enable MFA on my Fullscript account?
Follow the step-by-step instructions in our support article.
Other best practices for securing your accounts
Here are some tips for enhancing security across all your online accounts, including Fullscript:
- Use strong password strategies: Make passwords long, random, and unique. Avoid reusing passwords across multiple platforms. We recommend leveraging a password manager to help you use and remember strong passwords.
- Enable MFA Everywhere: Activate MFA for any account that offers it, especially email, financial, and healthcare accounts.
- Keep Software Updated: Regularly update your device and application software to address security vulnerabilities.
- Beware of Phishing Attempts: Never click on suspicious links or provide login credentials to unverified sources.
- Monitor Your Accounts: Regularly review your account activity for any unusual behavior.
For more guidance, visit CISA’s guide to MFA.
Need help? If you have questions or need technical support for enabling MFA on your Fullscript account, visit our support article or contact our support team for assistance.
Together, we can keep your information secure
Thank you for taking these steps with us to help ensure your and your patients’ information stays protected. We’re always looking for ways to stay aligned with the latest security standards and will keep you informed along the way.