Securing workstations from the risk of exposing sensitive data

By Dean Wiech
This first appeared in the December 2012 issue of DOTmed HealthCare Business News

Health care and security through single sign on and two-factor authentication

In hospitals and health care settings, workstation computers are often used by several people, meaning restricted information can be viewed by unauthorized individuals if accounts are not securely managed.

Yet, clinicians frequently share a common user name and password with peers to avoid wasting time switching between users.

With several users working on one machine under the same login, it is impossible to track how each employee is using the system if there is ever a need to construct an audit trail.

The first step to reducing the risk of exposing sensitive data to those who shouldn’t have access is to create user accounts for every person that needs access. While this may seem like an easy task, there are a number of considerations to keep in mind. For example, it’s necessary to ensure that accounts are created in a timely fashion, that proper access rights are given in the network, and that the account is disabled if the employee leaves.
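One way to check the three lifecycle conditions above (an account for every person, no shared logins, accounts disabled on departure), as an added example that is not part of the original article. The HR roster, the directory export and the field names `owner`, `enabled` and `status` are constructed assumptions, not any product's schema.

```python
# Constructed sample data: an HR roster keyed by employee ID and a
# directory export listing each login with its single owner (if any).
HR_ROSTER = {
    "E100": {"name": "A. Rivera", "status": "active"},
    "E101": {"name": "B. Chen", "status": "terminated"},
    "E102": {"name": "C. Okafor", "status": "active"},
    "E103": {"name": "D. Lee", "status": "terminated"},
}
DIRECTORY = [
    {"account": "arivera", "owner": "E100", "enabled": True},
    {"account": "bchen", "owner": "E101", "enabled": True},    # leaver, still enabled
    {"account": "dlee", "owner": "E103", "enabled": False},    # leaver, correctly disabled
    {"account": "ward3nurse", "owner": None, "enabled": True},  # shared login, no owner
]


def reconcile(roster, directory):
    """Compare directory accounts against HR records.

    Returns a dict with three sorted lists:
      orphaned - enabled accounts whose owner has left or is unknown to HR
      shared   - enabled accounts with no single accountable owner
      missing  - active employee IDs with no enabled personal account
    """
    findings = {"orphaned": [], "shared": [], "missing": []}
    covered = set()  # active employees who hold an enabled account
    for acct in directory:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        owner = acct["owner"]
        if owner is None:
            findings["shared"].append(acct["account"])
            continue
        person = roster.get(owner)
        if person is None or person["status"] != "active":
            findings["orphaned"].append(acct["account"])
        else:
            covered.add(owner)
    for emp_id, person in roster.items():
        if person["status"] == "active" and emp_id not in covered:
            findings["missing"].append(emp_id)
    return {key: sorted(values) for key, values in findings.items()}


if __name__ == "__main__":
    for category, items in reconcile(HR_ROSTER, DIRECTORY).items():
        print(f"{category}: {items}")
```
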

But even with strict security requirements in place, users increasingly have to enter a separate combination of username and password for each application they wish to access. Over the course of a day, users can easily enter credentials for more than a dozen applications, which produces further issues. It takes time and opens up other security problems (passwords written on sticky notes stuck to the monitor or on pieces of paper slid under the keyboard, for example, or overly simple passwords). Help desks also frequently field calls from users who’ve lost passwords, resulting in elevated support costs.

One practical and secure solution to this problem is the use of a Single Sign On (SSO) product. SSO allows each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials.

Results from a survey in the health care market revealed some concerns with SSO, though, including that users’ e-mail applications might be available to others. Users expressed concern, being very protective of their e-mail and their personal information. Of course, this issue also can occur if users have shared accounts on the same computer and fail to completely close a browser when logged into an e-mail account.

The concern that information may be easily accessed by non-account owners in an SSO environment can easily be alleviated by using two-factor authentication. Two-factor authentication asks a user to present a second form of identification, such as a pass card, PIN code or USB token, in addition to their user name and password to access the workstation. This adds a level of security for their e-mail and other accounts and means that even if someone besides the account owner has possession of a password, they are unable to access the account without that second piece of information.

Using the two pieces, SSO and two-factor authentication, in conjunction solves HIPAA security problems for keeping electronic information safe while also addressing the users’ concerns of privacy for their accounts. The two-factor authentication also allows for fast user switching, thereby reducing time spent by clinicians waiting on their profile to load.

By utilizing automated solutions for identity and access management, the burden on the IT staff also can be decreased and overall system security will increase, allowing employees more time to focus on the real work at hand without having to worry about sharing access to systems or worrying about multiple password applications.

About the author: Dean Wiech is managing director at Tools4ever. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as User Provisioning, RBAC, Password Management, SSO and Access Management, serving more than five million user accounts worldwide.
