|
Healthcare providers face
the challenge of implementing strategies that meet the
twin objectives: improving security and privacy while
easing access to information. Demonstrating privacy
and security to the patient is a key success factor
for the medical establishment and a factor preserving
the healthcare provider’s goodwill.
Yet, this task is not
a simple one. The importance of strong authentication,
authorization, administration, and auditing is rising
as healthcare providers strive to centralize the storage
and administration of their users’ credentials and rights
in order to more effectively control the delegation
of access to sensitive information and applications.
Particular factors such as: security, cost, convenience
and regulatory compliance must be properly balanced
in order to obtain this dual objective.
Authernative can help
Authernative overcomes
the security and identity management challenge offering
a solution to healthcare providers by implementing a
system of strong authentication, authorization, administration,
auditing, and single sign-on to internal and external
mass users in a cost effective, easily deployable, and
easy to use manner.
Authernative™ PassEnabler®
overcomes the low level of security offered by traditional
passwords, and provides an advanced authentication solution
ensuring fast, convenient, and conclusive end-user verification.
Authentication, authorization, administration, and auditing
capabilities are integrated into one engine, which provides
authenticated users ready access to critical information
they have been authorized for. At the same time, the
product’s single sign-on, policy management, and self-reset
capabilities allow for consistent access methods, increasing
security, productivity, and reducing password-associated
help-desk costs.
|
HIPAA |
The new transaction
standards mandated by HIPAA encompass a significant
increase in the use, transfer, and storage of
electronic data, all of which must be kept private,
secure, and portable. Key requirements include
access control, audit control, authorization
control, and authentication of data to guard
against unauthorized access and conclusively
identify those receiving information protected
by HIPAA.
|
|
Healthcare Applications |
The conglomeration
of healthcare computer applications creates
incompatibility among different information
sources and a confusing variety of access and
usage norms. The commonality of business domain
tasks and security requirements across healthcare
computing environments requires that fine-grain
access control, auditing, non-repudiation, and
notification of security breaches, all be included
in the security architecture.
|
|
Physician Access |
The relationship
between attending physicians and the individual
elements of patient records is transient, characterized
by the need for quick, easy and secure information
and resource access from multiple access points
and conveniently located workstations. The challenges
to healthcare are marked by an abundance of
disparate applications across heterogeneous
environments, each requiring unique logon and
access requirements further complicating the
administration and maintenance of a consistent
security enterprise policy.
|
|
Healthcare Workers |
Healthcare workers
need continuous authorization to access patients'
data and other information on a context basis
without the burden of cumbersome security protocols,
when they work at patient care stations and
share access to a workstation.
|
|
Wireless Devices |
HIPAA does not
have specific provisions regarding PDA or wireless
networking, but it mandates that identifiable
data must be protected regardless of where the
data travels or comes to rest. Handheld devices
that tap into multiple legacy systems within
the hospital information network require two
protections beyond the initial password: automatic,
obligatory encryption of stored data to thwart
thieves and encrypted transmission of data to
prevent interception. Further preferred requirements
are easy-to-use and easy-to-handle security
mechanisms.
|
|
E-mail |
In healthcare,
email is a key medium that enables moving more
business processes online, streamlining quarterly
report submissions and opening doors to electronic
physician-patient communication for treatment
purposes. Securing e-mail access and transfer
is a must.
|
|
