Secure to the Touch: Ease Access while Improving Security
Parkview Adventist Medical Center recently found itself at the intersection of two of the biggest concerns in the healthcare industry today – how to provide easy access to patient data and medical information while keeping it all secure. Any access control or security system implemented would need to accommodate heavy use by staff accessing and logging out of the data, and the system would need to comply with increased industry and government security regulations.
Parkview is a 55-bed acute care hospital in Brunswick, Maine that was founded in 1959 and has consistently been a prime provider of the area’s healthcare needs.
As the medical center continued to grow and expand, new healthcare information technologies were purchased, developed and implemented on an as-needed basis. This enabled Parkview to continue providing the same excellent level of care its patients had become accustomed to, and at the same time contributed to the creation of a complex IT environment where access requirements and systems varied from program to program.
As the staff grew to more than 350, clinicians and physicians began to express frustration about the number of passwords they needed to remember on a daily basis. The time spent logging in and out of systems could be better used to directly care for patients. The additional systems and the increased dependence on passwords created a surge in IT help desk calls. IT staff were often tasked with providing temporary passwords or granting access for those locked out.
ADDRESSING THE ISSUEAs with all hospitals, ensuring patient safety is Parkview’s number one priority. It was clear, however, that staff needed more efficient access to data, applications and information in order to continue providing timely care and service. With multiple workstations and computers-on-wheels (COW) throughout the center, the organization needed to provide its clinical staff the ability to walk up to any workstation and log into the network quickly.
At the same time, Parkview also needed to ensure that any access control system complied with HIPAA and state-mandated network security patient information regulations. The system needed to be set up in such a way that if a hurried physician forgot to log out on his/her way to the next patient, they’d automatically be logged out – thus preventing critical patient data from being compromised and preventing any problems the physician might have in trying to log back into the network from elsewhere.
Instead of looking at these issues as isolated problems, the organization used this as an opportunity to improve its systems and increase organization-wide security by combining all of its health data into one healthcare information system (HCIS).
Parkview determined that an HCIS from Meditech would best serve its needs. At the same time, research showed that a single sign-on (SSO) solution could be implemented as a part of the HCIS and combined with finger biometrics to relieve the staff’s login/logout issues and give Parkview a stronger overall security system.
The search quickly identified identity and access management company Imprivata and its OneSign platform. The system is an appliance that helps organizations strengthen network security by adding secure SSO to any application, thereby making it ideal for Parkview.
The deployment of the system was remarkably fast, as the staff at Parkview was able to implement 43 modules in just over six months and the SSO feature was up and running a couple of days later. The system was set up so that users enroll several fingerprints using a scanner, which then records the prints in a file associated with each user’s identification information. From that point, all the user needs to do is scan his/her fingerprint at any workstation or COW and the system compares it to the prints on file to complete the authentication process.
ADDITIONAL ADVANTAGESAlthough Parkview initially invested in finger biometrics to solve its password problems and strengthen IT security, the technology has provided additional benefits. The uses of the system have evolved in the process. Parkview now barcodes and scans every medication that enters the hospital and puts a corresponding barcode on each patient wristband, ensuring that the correct medications are administered at the right time. The medications themselves are only accessible after a nurse has been authenticated using finger biometrics, greatly reducing medication errors and better ensuring patient safety.
As a result of this project, the need for physicians and staff to memorize multiple passwords was eliminated. By incorporating SSO and finger biometrics into the HCIS system, Parkview’s team was able to deliver full access to all hospital information with just one finger, which delighted the organization’s physicians and clinicians. The project successfully cut helpdesk costs and improved employee productivity, as clinicians now spend less time logging in and out of network applications and more time on overall patient care.
The pressure to increase productivity and protect patient data among end-users and security administrators alike is an ongoing challenge for healthcare facilities of all types and sizes. The abundance of online information available to clinicians today ultimately improves productivity and potentially provides a competitive advantage in the market. Although the race to provide fast and secure access to that information can be complex and daunting, it is a race that can be won.