Gaining Admittance to the Hospitals Market

For example, one organization has integrated a medication dispensary system into its access control solution, thereby reducing medication administration errors. This integrated system provides the added benefit of allowing the medical center to track and audit access to medications, dosing amounts and medication administration schedules, helping staff and practitioners remain in compliance with hospital and regulatory policies and patient rights.

Just like any other highly trafficked business, hospitals and health centers find value in IP video surveillance, either manned (immediate security) or unmanned (audit and forensics). Many companies use this technology today and hospitals have also found value in this security-enabling application.

Protecting Patient Information

[IMAGE]77[/IMAGE]

While there are numerous standards and regulations facing the health-care market, it is also important to evaluate how your installation will impact the organization’s ability to address overarching industry-specific rules.

In addition to better physical security systems, hospitals and health-care facilities are required by law to restrict access to private and personal patient information as outlined in HIPAA. This aims to protect patients’ privacy through the use of more rigorous administrative processes.

At the forefront of this act is the call for stronger information security guidelines, as noted by th
e Privacy Rule. This requires compliance by health-care organizations – including health plans, providers, clearinghouses, business associates and contractors, billing agents and other related services – to protect a patient’s personal data and confidential health information. 

Facing growing pressure and scrutiny from various regulatory bodies, health-care CSOs are looking to implement stronger forms of authentication in an effort to restrict access to private patient data. Throughout the course of a day, usernames and passwords are used to access everything from computers to online Web portals to network resources. But are these passwords secure? 

As the amount of confidential data becomes increasingly accessible, health-care facilities are evaluating stronger security and searching for a replacement for traditional passwords. Unfortunately, many forms of stronger network security have been linked to poor user experiences and adoption. This does not need to be the case.

One way this can be accomplished is with logical access solutions, which encompass a number of PC- and network-related applications, including secure authentication and/or login to the PC or network, secure E-mail, data encryption, file/folder encryption, single sign-on and remote VPN access.

Gaining access to the network, whether for ordering medication from the pharmacy or for accessing films or private patient information, can be mission critical for health-care facilities. With doctors and nurses using shared terminals or mobile workstations (such as the ubiquitous COW — “cart-on-wheels”), ensuring that patient information is secure and accessible is a major issue, especially when it occurs within a life-saving situation.

If a medical professional loses or forgets his/her password and cannot gain prompt access to patient records, it could cost a life. Using either a contact or contactless smart card to authenticate to the mobile terminal or workstation can alleviate many of these issues.

From a convenience perspective, having one card that does it all — a photo ID, an access control card, a cafeteria card and an additional authentication factor for network login – can provide a striking value proposition for organizations in the health-care market.

Leveraging the smart card across a wide range of applications beyond just opening the door can provide high value to hospitals and health-care facilities that are charged with maintaining the highest levels of security, and do so with a cost structure that saves time and money, as well as patients’ lives.

Dan DeBlasio is director of business development, Identity and Access Management (IAM), and Rick Mohr is director, National Accounts/Consultant Relations, North American Installation Channel, for HID Global.


HITECH Act Targets Security Disclosures

In early 2009, the Health Information Technology for Economic and Clinical Health Act, or HITECH Act, was signed into law as part of the American Recovery and Reinvestment Act of 2009 (ARRA). The HITECH Act adds notification requirements for health information security breaches and implements new data security standards and procedures for electronic health records (EHR).

One of the key provisions of this new Act requires health-care organizations and their service providers to disclose all security breaches that could compromise a patient’s personal and protected health information (PHI).

While the Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses health information security and privacy issues, the HITECH Act extends the HIPAA Security and Privacy Rules to non-HIPAA covered entities – holding them to the same privacy and security standards as covered entities.

The HITECH Act’s Health Breach Notification Rule is designed to protect electronic health information by calling for complete disclosure of breaches, including a description of the breach, when it occurred and was discovered, what types of information were involved, and a description of what was done to investigate and prevent future incidents.

Key provisions under this act, along with the certification process and standardization criteria have not yet been determined. However, the Federal Trade Commission has released a notice of proposed rulemaking regarding rules requiring vendors of personal health records and related entities to notify individuals when the security of their individually identifiable health information is breached.

Comments on the proposed rule were due by June 1, 2009.  For complete details on ARRA and the impact it has on the health-care industry, visit www.whitehouse.gov/the_press_office/arra_public_review/.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters