If a hospital isn’t in acquisition mode it’s likely being acquired, and this drives the need to standardize and unify logos, technologies, processes and other organizational elements — including security. Numerous solutions are being developed to improve healthcare security, both on the hospital campus and at patients’ homes.
Throughout today’s healthcare organizations, various members of the security, information security (IS) and medical staffs are now working together to gain a much better understanding of the importance of coordinating and unifying physical and information security workflow, as well as such enhancements as tap authentication, biometrics and Electronic Visitor Verification (EVV). Increasingly, the same card that opens hospital doors is being used to access patient data and cloud-based healthcare applications, and hospitals are more closely aligning information security and safety functions while significantly improving their ability to meet compliance needs and protect patient privacy.
The Evolving Role of the Badge
The latest solutions support many access control applications on the same smart card — from access control for the parking lot, main door, emergency room and pharmacy to visual ID verification, time-and-attendance, payroll transactions and cafeteria purchases. They also enable the integration of visitor management systems to optimize badging efficiency as part of a complete solution that supports real-time patient feeds and Health Level Seven International (HL7) integration.
To protect information, access control systems now also deliver the new ability to “tap” in and out of computer applications, reducing the need for complex passwords and diminishing password fatigue in healthcare environments where it can require 20 or more logins each day in order to access the facility’s enterprise data and services. Instead, the user simply taps his or her ID card to a laptop, tablet, phone or other NFC-enabled device to easily and conveniently access network resources, cloud apps and web-based services. It is easier and more secure than using passwords, and faster and more seamless and convenient than using dedicated hardware one-time passwords (OTPs) and display cards or other physical devices.
Plus, there is the added benefit of being able to use the same card that opens doors to also access data and cloud-based applications. Tap authentication improves user convenience for opening doors and accessing data, while helping hospitals align information security and safety, meet compliance needs, and ensure that patient privacy is protected.
The Role of Biometrics
A new development on the horizon is biometrics, which is already playing a big role in how hospitals not only protect their facilities, but also register patients, manage visitors, protect patient information privacy, process payments, ensure accurate medicine dispensing and enhance caregiver workflow.
In general, hospitals are increasingly replacing dated and vulnerable authentication models with biometric authentication that makes it significantly easier to secure the premises, medical services, medicine and supplies while also ensuring that health information may only be accessed by authorized individuals.
A key biometrics development has been fingerprint biometrics solutions that are much easier to deploy across diverse healthcare settings, including rural clinics, outdoor applications and even the sometimes harsh environment of the modern hospital. In many instances, it was difficult or impossible for some users to enroll on conventional fingerprint sensors because of the dry, cracked fingers associated with frequent hand washing and the dry environment typical in hospital settings. In addition, healthcare workers typically have time-critical duties and are susceptible to rushing through a biometric authentication process. These issues led to substandard results when fingerprint sensors were deployed in the real world.
The latest multispectral imaging sensor technology solves these issues by allowing for the subsurface of a fingerprint to be scanned in addition to the surface of the skin. They also combat the use of spoofs through a capability called liveness detection that recognizes characteristics that only exist with real living human tissue. Spoofs can be identified within a fraction of a second and the transaction invalidated. Today’s sensors are also capable of “learning” and preventing new spoofs as they are identified, similar to the way an anti-virus software is updated to protect computers. Systems with liveness detection have been proven effective against nearly 60 materials and material variations including glues, silicones, gelatins, latex, thin film tapes, photocopies, plastics, Play-Doh, waxes and latent print activation.
Government-Based Guidelines
In addition to using biometrics to combat fraud in electronically prescribed medications, physical objects can also be used. In the U.S., this can be a FIPS 140-2 certified cryptographic key, hard token or card.
Security is improved worldwide by leveraging public key infrastructure (PKI) using on-site or cloud-based validation services between all relying parties. PKI security elevates the trusted transaction which reduces or eliminates the opportunity for breach.
The concept of Federated ID Systems for an urban medical community relies on a PKI infrastructure whereby an identity is trusted and used throughout disparate facilities. With healthcare providers sharing multiple resources, the community benefits when they agree to create a single, central identity policy within which each sponsor organization maintains access autonomy. A Federated ID System leverages identity-proofed trust that is maintained and used in a shared community. No longer must shared physician resources carry multiple badges; the highest value is revocation to all access systems upon an employee’s departure from any single sponsor’s system.
In-Home Services
Moving to the home environment, tamper-proof NFC tags provide an important new way to deliver a secure and seamless method of Electronic Visitor Verification (EVV). Caregivers can accurately document their arrival and departure by “tapping” an NFC-enabled mobile device to NFC tags at their patients’ homes. This secure and trusted transaction can be used to prove the caregiver was in the patient’s home at the proper time, helping providers improve efficiency, maintain more accurate service records and reduce billing fraud.
Sheila L. Stromberg is director of vertical markets – healthcare solutions for HID Global. To request more info about the company, please visit www.securityinfowatch.com/10213866.
