Securing the healthcare environment

August 2013 Integrated Solutions, Healthcare (Industry)

The modern healthcare facility must contend with a difficult combination of increasing crime, tightening regulations, and economic challenges as administrators and their security teams strive to protect people, property and sensitive data. The International Association for Healthcare Security and Safety (IAHSS) reported in its 2012 Crime and Security Trends Survey that the number of healthcare crimes increased by nearly 37% in just two years, from just under 15 000 in 2012 to more than 20 500 in 2012. And according to the Ponemon Institute, nine out of 10 hospitals in the US have suffered a data breach or intrusion in their networks over the past two years. Increasingly, hospital security and information technology (IT) departments must work together to design, implement and maintain robust security capabilities.

There are several best practices to consider. First, access control systems should be based on an open architecture so they can support new capabilities over time, and they should use contactless high frequency smartcard technology that features mutual authentication and cryptographic protection mechanisms with secret keys. Cards should also employ a secure messaging protocol that is delivered on a trust-based communication platform within a secure ecosystem of interoperable products. With these capabilities, hospitals can ensure the highest level of security, convenience, and interoperability, along with the adaptability to meet future requirements.

One future requirement may be the ability to combine multiple applications onto a single card. In addition to centralising management, this eliminates the need for hospital employees to carry separate cards for opening doors, accessing computers, using time-and-attendance and secure-print-management systems, and making cashless vending purchases. Other applications can include building automation, medical records management, and biometric templates that are stored on the card for additional factors of authentication.

With a highly secure smartcard foundation in place, hospitals are also well positioned to improve risk management and comply with new legislation or regulatory requirements. As an example, the Health Insurance Portability and Accountability Act (HIPAA) imposes strict requirements for accessing medical records, which may necessitate the use of a smartcard to enter secure areas or to access IT networks that store patient information.

Visitors must also be considered. Paper guest books should be replaced with registration systems that screen, badge and track every visitor and vendor. These systems should support the HL7 interface control so administrators can match visitors to real-time information about patient admissions and discharges, Status Blue for pre-registering and approved vendors, and access control integration to provide temporary proximity card access to specific guests, such as contractors or temporary employees. They also should support optional screening and watch lists of unwanted visitors. Finally, they should enable the creation of long-term, durable visitor badges for family members who will be visiting a patient frequently over an extended period.

For logical access control, it’s important to move beyond simple, static passwords to strong authentication methods that ensure individuals accessing data are authorised to do so, and are who they claim to be. Speed and convenience are important – a hospital campus is essentially made up of multiple remote access areas, such as test rooms where a nurse may need to access digital X-ray results. It would be difficult if staff had to use a strong authentication method that was complicated or required considerable time and/or typing in each area where they must access data. Instead, they should be provided with contactless One Time Password (OTP) login solutions that enable them to easily 'tap in' and 'tap out' for computer login and logout with strong authentication.

Another important practice is device authentication, and the default model is to ensure that authenticated users within the hospital may only access their own or their patients’ health records from a known and properly registered device. In the case of affiliated doctors who work with many hospitals, the best approach is to provide them with mobile soft tokens so they don’t have to carry multiple OTP tokens. Affiliated doctors also should be required to authenticate their devices, both in the hospital and at home or the office. New developments include device authentication technologies that recognise anomalies in users’ typical typing style and behaviour.

Logical access control is also important for on-line patient identification and record access. HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) act point the way, but it will be important that solutions be flexible enough to support new regulatory requirements over time. We also should look to the consumer on-line banking model, where a layered approach has proven effective in ensuring that appropriate levels of risk mitigation can be applied. Another key element that can be applied from on-line banking is to validate transactions as well as sessions.

Hospitals and their staff and patients face growing security threats. Administrators need a combination of physical access control systems with integrated visitor management capabilities, and logical access control solutions that take a layered approach to risk mitigation while moving beyond passwords to implement strong authentication.

Source: https://www.hidglobal.com/blog/hospitals-must-combat-threats-both-facility-and-their-data

For more information contact HID Global, +27 (0)82 449 9398, rtruter@hidglobal.com, www.hidglobal.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Building a nervous system for smart cities
Issue 1 2020, Pinnacle Instruments SA , Integrated Solutions
Build a central nervous system for smart cities, by employing real-time situation reporting and analysis that unites the powers of cloud computing, AI, IoT and big data.

Read more...
The secret to 5G security? Turn the network into a sensor
Issue 1 2020 , Integrated Solutions
We are about to make the leap from being a civilisation that uses networks to one that runs on them in a fundamental and inextricable way.

Read more...
The move to services and RMR
Issue 1 2020, Merchant West, G4S South Africa, Technews Publishing , Integrated Solutions
Project work used to be the staple diet for system integrators, but that was before the services model changed the way businesses buy and use their security systems.

Read more...
Global security industry adopts servistisation models
Issue 1 2020 , Integrated Solutions
New as-a-service business models are gaining traction because they reduce capital expenditure and cost of ownership, finds Frost & Sullivan.

Read more...
Looking ahead with mobile access technologies
Access & Identity Management Handbook 2020, Technews Publishing, HID Global, dormakaba South Africa, Salto Systems Africa, Suprema, Gallagher , Access Control & Identity Management, Integrated Solutions
Given the broad use of smartphones around the world and the numerous technologies packed into these devices, it was only a matter of time before the access control industry developed technology that would ...

Read more...
Scalable access solution
Access & Identity Management Handbook 2020 , Access Control & Identity Management, Integrated Solutions
Bosch Building Technologies makes access management simple, scalable and always available with Access Management System 2.0.

Read more...
Securing perimeters of secure locations
November 2019, Axis Communications SA, Modular Communications, Hikvision South Africa, Nemtek Electric Fencing Products, Technews Publishing, Stafix , Government and Parastatal (Industry), Perimeter Security, Alarms & Intruder Detection, Integrated Solutions
Hi-Tech Security Solutions asked a number of companies offering perimeter security solutions for their insights into protecting the boundaries of national key points.

Read more...
The safe city and its need for interoperability
November 2019 , Integrated Solutions, CCTV, Surveillance & Remote Monitoring
Interoperability continues to present one of the greatest challenges, particularly with video management systems, video recording devices and cameras.

Read more...
Analytics-driven solutions for smart infrastructure
November 2019, Bosch Building Technologies , Integrated Solutions
Video analytics technology can bring intelligence to infrastructure by delivering solutions for traffic flow, improved safety, smart parking, and data collection.

Read more...
A platform approach to innovation and value
CCTV Handbook 2019, Technews Publishing , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure
Moving to the platform model of doing business holds tremendous advantages for end users and smaller developers, but also for the whole technology supply chain.

Read more...