This document discusses healthcare organizations' requirements to comply with HIPAA and HITECH regulations regarding access to electronic protected health information (EPHI). It notes that regulations are progressing towards requiring multi-factor authentication for EPHI access. Violations of HIPAA and HITECH can result in penalties up to $1.5 million per category. Over 95% of data breaches are due to exploitation of weak or stolen credentials. The document recommends organizations implement an active multi-factor authentication strategy to prepare for future requirements and reduce data breach risks. It introduces aPersona's Adaptive Security Manager as a solution designed to provide scalable and customizable multi-factor authentication aligned with transaction risk levels.