“There are almost 60 health care related IT laws that have been enacted on the local level by more than 30 states, and each of these laws have some impact on security,” said Scott Bartlett, CEO at Southwest Surveillance Systems.
Most federal and state regulations have strict and detailed privacy and security rules affecting health care providers, insurance providers, or other organizations that have contact with patients and their medical history and personal information. “From a practical perspective, these regulations force covered entities to enact the appropriate policies to the best of their ability, and recent advances in security and surveillance, including the proliferation of IP video and video analytics shows the potential to actually reduce the cost of implementing these policies by automating some physical security procedures that are currently manual processes, such as logging access to isolated or restricted areas,” Bartlett said. “This is only one simple example of the opportunities that exist, but as this industry continues to advance and regulations continue to grow, more opportunities will appear.”
Code Blue
“State and federal laws are regulating higher levels of security, as well as requiring immediate reporting of ‘misdirected events' at health care-related facilities,” Stromberg said. “These incidents, such as breaches of physical security and unauthorized access to confidential patient files, are addressed by putting deliberate procedures in place to audit, track and report their occurrence. Misdirected events are business drivers that keep health-care CSOs awake at night. By implementing the appropriate security measures, procedures and
precautions, CSOs aim to keep these events to a minimum, thereby reducing exposure to state and national regulatory fines. These fines cost health care organizations US$100 per failure to comply; for civil incidents, up to $25,000 a year for multiple violations of the HIPAA under the Privacy Rule provision.”
Regulations and codes are a big part of what drives health care organizations in the U.S. to design their security systems. “Codes can be specific, down to the city and county level,” said Ann Timme, Health care Marketing Manager at Ingersoll Rand Security Technologies. “It's important to have a local resource that is current on this information to help the facility change and upgrade as needed to stay in compliance.”
In the U.K., there is no specific health care access control legislation. “However, there are specific UK Home Office regulations on the control of certain substances, such as medical drugs,” said John Davies, MD at TDSi. “Auditing and traceability of drugs is a strong driver in the move for better security in hospitals. It makes sense to have good levels of security which readily allow patients and staff to reach areas they need to be in, whilst stopping unauthorized people from entering restricted areas.”
The security regulations for hospitals in Asia are inadequate. “Considering the fact that hospitals house so much expensive equipment, a huge inventory of drugs, laboratories, medical records, and operations that determine the lives of so many, hospitals are really easy targets for anyone with mischievous or even criminal intentions,” Lim said. “I believe this problem is not exclusive in Asian hospitals alone and there is a growing awareness from the health care industry about the potential risks they are exposed to.”