An example of a level 4 e-authentication token would be using say cryptographic device to generate a one-time token after the user inputs a memorized/secret password. Given that this is a health portal we need to have adequate provisions that information shared by the provider (or patient) is indeed shared with the intended recipient only..