dismiss

Mark your calendars: the next Clean Sweep Live Auction will be on Thursday, January 25th--Click to view the full catalogue

DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Mobile Imaging
SEARCH
Current Location:
>
> This Story

starstarstarstarstar (1)
Log in or Register to rate this News Story
Forward Printable StoryPrint Comment

 

 

More Voices

Moving from CR to DR: The practical perspective Marshall Smith, clinical specialist with Novarad, breaks down five reasons why there's no time like the present to invest in digital radiography

The future of AI in radiology Dr. Leon Chen on the benefits machine learning promises, and the challenges that stand in the way of fulfilling them

Should we let the tail wag the dog? The Jacobus Report

Blockchain Q&A with Chrissa McFarlane, Founder, and CEO of Patientory Blockchain is coming to health care - but what does that mean, exactly?

HTM analytics and performance measurements for hospitals in 2018 Insights from Doug Brown, vice president of Superior Analytics

Securing workstations from the risk of exposing sensitive data

By Dean Wiech
From the December 2012 issue of DOTmed HealthCare Business News magazine

Health care and security through single sign on and two-factor authentication

In hospitals and health care settings, work station computers are often used by several people, meaning restricted information can be viewed by unauthorized individuals if accounts are not securely managed.

Story Continues Below Advertisement

OR Tables, Treatment/GYN/Uro Chairs, Transport Stretchers, Hospital/ICU Bed

iMS combines the superior service of Oakworks Medical and advanced manufacturing technology of FAMED Medical Solutions. The goal of iMS, "Connecting Art and Medical Science" goes way beyond product with exceptional CareLink service. Contact us today!



Yet, clinicians frequently share a common user name and password with peers to avoid wasting time switching between users.

With several users logged into one machine, it is impossible to track how each employee is using the system in case there’s ever a need to construct an audit trail or to track how employees use the systems.

The first step to reducing the risk of exposing sensitive data to those who shouldn’t have access is to create user accounts for every person that needs access. While this may seem like an easy task there are number of considerations to keep in mind. For example, it’s necessary to ensure accounts are created in a timely fashion and that proper access rights are given in the network, and that the account is disabled if the employee leaves.

But even with strict security requirements in place, users increasingly have to enter a separate combination of usernames and passwords for each application they wish to access. Taken daily, users can easily enter credentials for more than a dozen applications, producing even more issues. It takes time and opens up other security issues (passwords written on sticky notes stuck to the monitor or on pieces of paper slid under the keyboard for example, or overly simply passwords). Help desks also frequently field calls from users who’ve lost passwords, resulting in elevated support costs.

One practical and secure solution to this problem is the use of a Single Sign On (SSO) product. SSO allows each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials.

Results from a survey in the health care market revealed some concerns though with SSO, including that the e-mail applications of the users might be available to others. Users expressed concern, being very protective of their e-mail and their personal information. Of course, this issue also can occur if users have shared accounts on the same computer and fail to completely close a browser when logged into an e-mail account.

The concern that information may be easily accessed by non-account owners in a SSO environment can easily be alleviated by using two factor authentication. Two-factor authentication asks a user to present a second form of identification in addition to their user name and password like a pass card, pin code or USB token to access the workstation. This ensures there is an added level of security of their e-mail and other accounts and means even if someone besides the account owner has possession of a password, they are unable to access the account without that second piece of information.

Using the two pieces, SSO and two-factor authentication, in conjunction solves HIPAA security problems for keeping electronic information safe while also addressing the users’ concerns of privacy for their accounts. The two-factor authentication also allows for fast user switching, thereby reducing time spent by clinicians waiting on their profile to load.

By utilizing automated solutions for identity and access management, the burden on the IT staff also can be decreased and overall system security will increase, allowing employees more time to focus on the real work at hand without having to worry about sharing access to systems or worrying about multiple password applications.

About the author: Dean Wiech is managing director at Tools4ever. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as User Provisioning, RBAC, Password Management, SSO and Access Management, serving more than five million user accounts worldwide.

Related:


You Must Be Logged In To Post A Comment

Advertise
Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Directory
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Requests
Gold Service Dealer Program
Receive RFP/PS
Requests
Healthcare Providers
See all
HCP Tools
Jobs/Training
Find/Fill
A Job
Parts Hunter +EasyPay
Get Parts
Quotes
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Quotes
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2018 DOTmed.com, Inc.
ALL RIGHTS RESERVED