Protecting patients, staff and data

Here, a patient’s right to privacy is paramount and any inappropriate access to sensitive patient data is a serious abuse of that right.

If we consider Identity and Access Management (IAM) as a security discipline that enables the right individuals to access the right resources at the right times for the right reasons, it is therefore a crucial undertaking for any enterprise, but one cannot over-emphasise the importance of IAM in the healthcare sector.

Here, a patient’s right to privacy is paramount and any inappropriate access to sensitive patient data is a serious abuse of that right.

Challenges

Outdated Systems

Healthcare organisations retain a large volume of often complex data for each patient or partner organisation that is often saved on outdated systems. These systems can be expensive to update and hard to improve with better protection capabilities. Hence most healthcare organisations abstain from making technical changes which leaves them especially vulnerable to security breaches.

Constant Change to Role Based Access

A daunting challenge for any IAM solution in the healthcare space is to keep up with the ever-changing role-based access to which healthcare providers are entitled. Given the fluid nature of roles that doctors, nurses, physician assistants assume, it is imperative that any technical solution grants access to the right people at the right times and more specifically at the time when they need it most. One essential feature of a robust IAM solution is that access is revoked when roles change and/or healthcare professionals leave a particular team, department or organisation.

Large, disparate user populations

This is especially important in the case of an integrated medical care environment or when a government of a country is trying to create an efficient e-health platform. Managing various stakeholders including patient and family along with the healthcare provider, insurer, employer etc. becomes a herculean task for the most robust of IAM solutions.

Username and Password is no longer enough

Authentication has to look beyond mere username and password. Additional measures such as multifactor authentication and breached password detection facilities are now commonplace. Furthermore users cannot be expected to remember and manually enter a different set of credentials for different services. Not only is manual entry cumbersome and subject to the vagaries of memory but it will also waste precious minutes that users – especially in an emergency – simply cannot spare.

Applications

In a healthcare facility, the key areas to protect are patients, staff and data. You need to make it harder for people to gain access to places they’re not entitled to, keep patient information and records private and issue accurate proof of identity quickly and easily.

Photo ID

Visual identity within a medical facility is important. Staff IDs reassure a patient who they are dealing with, patients need to be easily identified and only appropriate visitors should be granted entry to wards. ID cards with secure visual identity features such as a HoloKote(R) watermark can facilitate this. A desktop ID card printer at the reception desk can be used to instantly issue secure IDs to all incoming patients, contractors and visitors.

Physical access

Both employee smart ID cards, patient ID and instantly issued visitor cards can be used to grant access to secure areas within a medical facility including ward access, associated with pre-defined visiting times. Access is typically granted using a card reader linked to a physical access control system (PACS).

Data

The embedded electronic chip within patient ID smart cards or those issued by a health insurer can be used to store important information about the individual. As well as information about their health insurance scheme allowances, health-related information such as blood group, allergies and medications can be all be written to the card. This can be read at the bedside or in an emergency situation by a health professional equipped with an appropriate mobile card reader.