What are your HIPAA Password Policies?
October 11, 2012Authentication and identification solutions are important security-technology decisions. What users require what access to which systems?
In healthcare a larger issue because of HIPAA requirements is raising the profile of information security. From a more tactical perspective, authentication and identification are ultimately workflow issues. For caregivers, the real imperative is to take care of patients efficiently, not deal with information security. They will, therefore, avoid and even reject security practices that impede care delivery.
What’s also true is that workflows vary based on the type of caregiver, the task at hand, the patient’s condition and venue. A productive means for authentication can be an impediment in another. In an emergency room, you’ll find dozens of caregivers, visitors, public-safety personnel and visitors coming and going in a swirl of activity. With different beds, patients, computers and situations, the environment is hectic and the information security workflow needs to be urgent and rapid.
In contrast that with an operating theater, a highly secure environment with low traffic and low turnover. Information security needs are well-defined and fairly static in this situation. There are other variations in the ICU’s pharmacies and other clinical settings. Although there are numerous authentication technologies in the market today, the effective choices for hospitals must address key problems:
- Speed – security that introduces delay’s is un-acceptable to the clinical community, ideally, new technologies should accelerate authentication.
- Security – Hospitals need authentication that is non-corruptible and cannot be easily repudiated.
- Environmental Adaptability – Whether it’s a latex gloved workers, sterile environments, or high traffic areas, the authentication choices must be suitable for the environment.
- Regulatory Compliance – New regulatory frameworks and requirements make it more important than ever to close security loopholes and demonstrate commitment and effort to ensuring privacy of healthcare information