I suggested this feature a few years ago but it seems that it hasn't been picked up. Weave provides access to medical records and works in a highly sensitive HIPAA environment. Multi-factor authentication support is a must to prevent attacks against employees.

Should a user account be compromised resulting in health data exfiltration, the responsibility will fall on Weave if it fails to provide minimum reasonable protection against ATO (account takeover) attacks.