Current Location:
> This Story

starstarstarstarstar (1)
Log in or Register to rate this News Story
Forward Printable StoryPrint Comment

Never Miss a Story

Sign up for email alerts


More Voices

Impacting change: radiation safety is on the radar in the cath lab An electrophysiologist discusses practitioner dose concerns

Squeezing costs out of supply chain management Insights from Tina Vatanka Murphy, senior vice president, Global Product & Corporate Development at GHX

October is breast cancer awareness month The Jacobus Report

Better care with fewer resources Value-based technology companies offer savings in the OR without sacrificing quality

Q&A with Dr. Sanjaya Kumar, managing director of corporate governance and product strategy for Synepta Five growth opportunities in today’s health care environment

IAMERS in Barcelona The Jacobus Report

Preparing for MEDICA: Q&A with Joachim Schafer Drawing 130,000 visitors from 66 nations, MEDICA is the world's biggest health care trade show

Securing workstations from the risk of exposing sensitive data

By Dean Wiech
This first appeared in the December 2012 issue of DOTmed HealthCare Business News

Health care and security through single sign on and two-factor authentication

In hospitals and health care settings, work station computers are often used by several people, meaning restricted information can be viewed by unauthorized individuals if accounts are not securely managed.

Story Continues Below Advertisement

qualiTEE - reliabiliTEE - repairabiliTEE - we guaranTEE

Bayer HealthCare Multi Vendor Service will repair your probe with the same precision and care you provide to your patients. Call us at 1-844-MVS-5100 (1-844-687-5100) or visit

Yet, clinicians frequently share a common user name and password with peers to avoid wasting time switching between users.

With several users logged into one machine, it is impossible to track how each employee is using the system in case there’s ever a need to construct an audit trail or to track how employees use the systems.

The first step to reducing the risk of exposing sensitive data to those who shouldn’t have access is to create user accounts for every person that needs access. While this may seem like an easy task there are number of considerations to keep in mind. For example, it’s necessary to ensure accounts are created in a timely fashion and that proper access rights are given in the network, and that the account is disabled if the employee leaves.

But even with strict security requirements in place, users increasingly have to enter a separate combination of usernames and passwords for each application they wish to access. Taken daily, users can easily enter credentials for more than a dozen applications, producing even more issues. It takes time and opens up other security issues (passwords written on sticky notes stuck to the monitor or on pieces of paper slid under the keyboard for example, or overly simply passwords). Help desks also frequently field calls from users who’ve lost passwords, resulting in elevated support costs.

One practical and secure solution to this problem is the use of a Single Sign On (SSO) product. SSO allows each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials.

Results from a survey in the health care market revealed some concerns though with SSO, including that the e-mail applications of the users might be available to others. Users expressed concern, being very protective of their e-mail and their personal information. Of course, this issue also can occur if users have shared accounts on the same computer and fail to completely close a browser when logged into an e-mail account.

The concern that information may be easily accessed by non-account owners in a SSO environment can easily be alleviated by using two factor authentication. Two-factor authentication asks a user to present a second form of identification in addition to their user name and password like a pass card, pin code or USB token to access the workstation. This ensures there is an added level of security of their e-mail and other accounts and means even if someone besides the account owner has possession of a password, they are unable to access the account without that second piece of information.

Using the two pieces, SSO and two-factor authentication, in conjunction solves HIPAA security problems for keeping electronic information safe while also addressing the users’ concerns of privacy for their accounts. The two-factor authentication also allows for fast user switching, thereby reducing time spent by clinicians waiting on their profile to load.

By utilizing automated solutions for identity and access management, the burden on the IT staff also can be decreased and overall system security will increase, allowing employees more time to focus on the real work at hand without having to worry about sharing access to systems or worrying about multiple password applications.

About the author: Dean Wiech is managing director at Tools4ever. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as User Provisioning, RBAC, Password Management, SSO and Access Management, serving more than five million user accounts worldwide.


Interested in Medical Industry News? Subscribe to DOTmed's weekly news email and always be informed. Click here, it takes just 30 seconds.

You Must Be Logged In To Post A Comment

Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Gold Service Dealer Program
Receive RFP/PS
Healthcare Providers
See all
HCP Tools
A Job
Parts Hunter +EasyPay
Get Parts
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to, Inc. Copyright ©2001-2015, Inc.