Scheduled Outage: Scheduled Outage: The HCAI system will be unavailable from 5:00 p.m. (EDT) September 30 to 8:00 a.m. (EDT) October 3.
Scheduled Outage: Scheduled Outage: The HCAI system will be unavailable from 5:00 p.m. (EDT) September 30 to 8:00 a.m. (EDT) October 3.
Health Care Facility | Insurers | Related Initiatives  

HCAI Two-Factor Authentication Coming Soon / March 29, 2022


This is an important bulletin to advise you that HCAI is implementing two-factor authentication to continue our focus on maturing HCAI security.

What is Two-Factor Authentication?

Two-Factor Authentication is an electronic authentication method in which a user must present multiple pieces of evidence to gain access to an application.

For HCAI, this additional piece of authentication will initially apply only to Insurer User Administrators who are logging in to the HCAI application. After a User Administrator logs in to HCAI with their user name and password, they will be prompted to enter a verification code. The single-use verification code will be sent to the email address that is associated with their HCAI user account. This will occur each time they log in to the HCAI application.

If the single-use verification code is entered incorrectly, the user must click on the home page link and begin the login process again. Upon entering the correct user name and password, a new single-use verification code will be emailed to the user.

Two-factor authentication will be enabled the first week of April.

How User Administrators can Prepare

  • Ensure your user account’s email address is correct: Use the Manage tab > User Management subtab to search for your user account and ensure the email address is accurate. If required, you can update the email address before two-factor authentication is enabled in April. Step-by-step instructions are available on the Updating User Information page.
  • Ensure that you can receive system-generated emails from systemdelivery@hcai.ca. Some email providers block these emails, which will prevent you from receiving the verification code required to sign in when two-factor authentication goes live. You may wish to reach out to your IT team to ensure this email address is considered a “safe sender”.
  • Test whether you can receive system-generated emails: An easy way to test this is by going to the HCAI Sign-In page and clicking “Forgot your User Name?”. You can then enter your email address, and you will receive a system-generated email containing the user names associated to that email address. If you successfully receive the email, it means you should be able to receive the verification codes when two-factor authentication goes live. If you do not receive the email, reach out to your IT team for help before two-factor authentication goes live in April.

To generate a list of users who have the User Administrator role at your company, ask one of your HCAI User Administrators to go to the Manage tab > User Management subtab, check off “Active” and “Insurer User Administrator” and press Search. Click the Download Report button to download a spreadsheet of User Administrators and the email addresses that are associated with their account.