Hospitals need stronger 'in-depth' physical security at different entry points |
Within the course of any given day, a hospital or health care chief security officer (CSO) faces the task of not only protecting multiple points of access but also doing so in a way that enables movement and activity, is convenient for staff and patients and does not impede the facility's primary function: saving lives. Health care facilities exist in a wide variety of medical focus, administrative complexity and size, yet all demand appropriate access control coverage.
Dan DeBlasio, Director of business development, Identity and Access Management (IAM) and Keith Chapman, Solutions manager of Logical and Physical Card products (IAM) at HID explore the impact and implications of access control solutions in the health care sector.
From the moment you enter a major hospital or health care facility, it is likely that you are being monitored before you have even got out of your car. Regardless of if you pulled the ticket to access the parking garage, presented your employee ID to the parking entry reader or walked through the triage area of the emergency room, some form of access control and security has already come into play, getting stronger and more robust the further you get into the facility. Called "security in-depth", there are many different layers of security that go into health care facilities, with security monitoring becoming stricter the deeper you go. Often, this involves multiple points of entry and numerous levels of security for different strata of employees, typically beginning with an employee ID or access credential.
While much of what we read about preventing unauthorised access to certain areas within hospitals or health care facilities is positive, many institutions have already begun the process of implementing stronger physical security in the form of secure contactless smart cards. Breaches of physical security and unauthorised access to confidential patient files need to be addressed by putting deliberate procedures in place to audit, track and report their occurrence.
Access control in a challenging environment
Contactless smart cards minimise overhead when dealing with biometric template management and distribution |
Health care facilities and hospitals present unique challenges when it comes to security. The sheer volume of traffic and staffing at a major health care facility rivals any college campus environment. Whether the need is to restrict access to authorised personnel-only areas or protect personal and private patient information in either electronic or paper formats or keep hygiene standards to the maximum level, security within the confines of a health care-related setting is multi-faceted. It requires knowledge of current and future physical and logical access needs, coupled with an understanding of the standards and regulations facing today's health care practitioners.
For years, health care facilities have used a variety of methods to provide individuals with convenient yet secure access to facilities, the PC and the network. Because building access and IT systems have traditionally been separate purchasing decisions for many organisations, health care employees are familiar with being forced to carry multiple cards or tokens, using multiple PINs or passwords to access various systems. These practices resulted in security systems that are cumbersome for the employee to use and difficult costly for the organisation to manage and maintain, not to mention, deadly within an emergency setting.
Utilizing both, contact and contactless smart chip technologies, the use of a single card solution for identification, secure access and payments, can provide a unique access control solution for health care settings.
Ease of access for employees is crucial in an emergency setting |
Hospitals' staff need access to many different areas within the facility as well as immediate PC access and permission to access confidential client records. Carrying multiple smart cards to access those areas does not help mobility, speed or convenience for staff.
Using a single card also provides an opportunity for hospitals to combine workplace IDs and security access cards with payment cards, enabling employees to carry fewer cards and, for example, enable doctors, nurses and support staff to gain access to secure areas, while also using the same card for visual ID verification and for making purchases in the hospital cafeteria.
Benefits of contactless smart cards
One excellent example of how a contactless smart card-based application can benefit a health care organisation can be seen in the use of biometrics within a pharmacy setting. Contactless smart cards minimise overhead when dealing with biometric template management and distribution. Rather than storing biometrics on a server and distributing them over a wired network, a contactless smart card-based system allows biometric templates to be carried by the card holder, offering a stronger level of authentication and security commonly referred to as "Match on Card."
Contactless smart cards can also enhance security and address privacy concerns, as the biometric template is stored on the secure card, rather than passed over a hackable network. Using a smart card for logical access applications can advance security, improve convenience for the end-user and minimise help-desk calls for forgotten passwords for single sign-on cases.
Cost-effective access control solutions for hospitals
Cost-effective security solutions will allow hospitals to leverage their existing infrastructure |
The availability of cost-effective, multi-technology authentication devices is making it possible for hospitals and all its facilities to leverage their existing infrastructure, while adding new functionality at a reasonable cost. The convenience afforded by using a single smart card solution has many organisations re-examining the value of converging currently independent systems to achieve solutions that are robust, easily managed and cost-effective.
Just like any other highly trafficked business, hospitals and health centres find value in IP video surveillance, either manned or unmanned, with manned surveillance for immediate security and unmanned surveillance for audit and forensics.
Protecting patient information with security standards
As with any security implementation, it is always best to look at relevant security standards and regulations driving the organisational needs. Depending on which country you are in, you must consider what applications are already being used by hospitals and if there are any specific pre-requisites. For example, in the US a standard called HIPPA governs the health care market. In Europe no such one standard exists and every country has its own systems and preferences but not overriding legislation.
As an example, Austrian hospitals are already quite advanced in their use of multi-application smart cards for patients and hospital staff. The Gerrman eGK (elektronische Gesundheitskarte) is the largest European IT project linking all sorts of patient's records and details with each other and enhance this security system by use of smart cards.
Implementing logical access control solutions for greater security
Facing growing pressure and scrutiny from the public, health care CSOs are looking to implement stronger forms of authentication in an effort to restrict access to private patient data. Throughout the course of a day, username and passwords are used to access everything from computers to online Web portals to network resources, but does this mean that passwords are secure?
As the amount of confidential data becomes increasingly accessible, health care facilities are evaluating stronger security and searching for a replacement for traditional passwords. Unfortunately, many forms of stronger network security have traditionally been linked to poor user experiences and have resulted in poor user adoption. This does not need to be the case.
Health care facilities are evaluating stronger security and searching for a replacement for traditional passwords. One way this can be accomplished is through the implementation of logical access solutions |
One way this can be accomplished is through the implementation of logical access solutions, which encompass a number of PC- and network-related applications, including secure authentication and/or log-in to the PC or network, secure email, data encryption, file/folder encryption, single sign-on and remote VPN access.
Gaining access to the network, whether for ordering medication from the pharmacy or for accessing films or private patient information, can be mission critical for health care facilities. With doctors and nurses using shared terminals or mobile work stations, ensuring that patient information is secure and accessible is a major issue, especially when it occurs within a life-saving situation. If you lose or forget your password and cannot gain prompt access to patient records, it could cost a life. However, by using either a contact or contactless smart card to authenticate to the mobile terminal or workstation, many of these issues can be alleviated.
All-in-one access control solution
From a convenience perspective, having one card that does it all-a photo ID, an access control card, a cafeteria card and an additional authentication factor for network login-can provide a striking value proposition for organisations in the health care market. Leveraging the smart card across a wide range of applications beyond just opening the door can provide high value to hospitals and health care facilities that are charged with maintaining the highest levels of security, and doing so with a cost structure that saves time and money, in addition to patient's lives.
The fact that hospitals and health care facilities globally need to comply with strict hygiene standards has also raised the demand for access and security equipment that is waterproof and can be easily sterilised. Hospital staff who have continuous patient contact while simultaneously using their smart cards to gain access to rooms, secure PC applications and patient records, thus benefit from contactless technologies as it helps to control infections and reduce the likelihood of transferring viruses.
The future is contactless smartcards
Looking ahead, the health care sector will continue to improve their physical security systems and improve patients' confidentiality while increasing hygiene standards. Although some countries seem to be more advanced than others, many countries have already realised that contactless smartcards are the means to better current practice and set a standard for years to come.
Dan DeBlasio Director of business development, Identity and Access Management (IAM) HID Global | |
Keith Chapman Solutions manager of Logical and Physical Card products (IAM) HID Global |