In an effort to strengthen security measures to ensure the safety of patients, visitors and staff, health care facilities are upping their security game with improved technologies and solutions.
Theft and loss are major issues health care facilities are dealing with. To mitigate such occurrences, they must increase security measures, while at the same time adhere to regulations and stay within budgets, all while maintaining an open, welcoming atmosphere.
This, however, only plays one small part when considering the security needs of a health care facility. With markets around the world witnessing growth in the health care sector, security measures are also increasingly needed to secure, protect and help facilities properly adjust to the changing requirements that come with expansion.
Trends and Challenges
The challenges facing hospital security are complicated, ranging from workplace violence to wandering patients and abduction of infants. Security measures must be able to recognize the different types of persons within the hospital, limiting access to certain areas while keeping other areas easily accessible. This presents logistical challenges since health care facilities, particularly hospitals, are often large and spread out over a wide area. What this means for the security solution is the locks may need to integrate with fire detection, video surveillance and other systems.
However, not all of these users are created equal, explained Thomas Schulz, Marketing and Communications Director of EMEA at Assa Abloy
. “Medical staff, cleaners, patients, and their visitors, and countless temporary and contract workers all need access tailored to their specific and very different needs,” he said. “Labs with a steady flow of visitors and contractors are safer if access is managed with time-limited keys that can be revoked or revalidated when required.”
Chad Parris, President of Security Risk Management Consultants, noted that “the synthetization process of security programs and more importantly the differing disparate technologies create significant challenges to security managers and directors’ intent on creating standard platforms across the enterprise.” The result is a daunting, expensive and long-term challenge for those seeking to unify systems such as video and particularly access control, where organizations want to create a “one-card” solution for all facilities.
Yet, one-card solutions are now in demand. This opportunity to “do more with the card” was highlighted by Shelia Loy, Director of Healthcare Solutions for Identity and Access Management in North America for HID Global.“Hospitals can offer physicians, nurses, and staff one card for accessing the emergency room and pharmacy, and for visual ID verification, time-and-attendance logging, payroll transactions, and cafeteria purchases. This simplifies life for cardholders while centralizing and streamlining management.”
Invisible Attacks on Patient Records
Now that patient records are all digitized, health care facilities must be vigilant in protecting patient records from cyberattacks. This year alone, several health care facilities across the U.S. were targets of ransomware attacks, resulting in millions of patient records being stolen.
“Physical security continues to be important, as the focus on patient privacy protection continues to rise,” Loy said. “Health data is at least as valuable as financial data in the on-line banking industry, where a layered system approach is used to ensure that appropriate risk mitigation levels can be applied. Even though patients don’t access health care information as frequently as do on-line bankers, and aren’t protected by the same regulatory compliance requirements, they can benefit from the same multi-layered authentication mechanisms, both inside and outside the hospital.”In order to thwart such attacks, health care organizations need a versatile authentication platform with real-time threat detection capabilities in order to effectively implement multi-layered security.
Loy explained that to protect information, access control systems now also deliver the ability to “tap” in and out of computer applications.
One way of doing this is through access control systems. “Although traditional access control technologies on doors parking secure parking lots have been utilized in health care organizations for years, we are seeing a significant upward trend towards the implementation of controlling access to sensitive health information to ensure HIPPA and EPCS compliance. Solutions are emerging that create a more secure log-on process to hospital workstations through the use of multi-factor authentication using the traditional access control credential (card), PIN and even biometric,” Parris said.
Loy explained that to protect information, access control systems now also deliver the ability to “tap” in and out of computer applications. This eliminates complex passwords and password fatigue where it can require 20 or more logins each day in order to access a hospital’s enterprise data and services.
This system works by users tapping their ID card to a laptop, tablet, phone, or other NFC-enabled device to access network resources, cloud apps, and web-based services. “It’s easier and more secure than passwords, and faster and more seamless and convenient than dedicated hardware one-time passwords (OTPs) and display cards or other physical devices. Plus, there is the added benefit of using the same card that opens doors to also access data and cloud-based applications,” she explained.