HID Global provided digital identity solutions in rural health center

Size doesn’t matter to the cyber terrorists who are launching cyber attacks against small hospitals. A rural community healthcare provider with 250+ employees desired to improve how it safeguards patient information. To ensure compliance with Drug Enforcement Administration (DEA) requirements and Health Insurance Portability and Accountability Act (HIPAA) Security Rules, this rural medical center in the Mid-West adopted two-factor authentication for clinicians to secure their credentials, preventing forgeries and reducing risk of data breaches.

The medical center looked no further than the identity technology vendor that provides the physical access control readers on their facility’s doors as well as the ID badges in their hands – HID Global, a provider in trusted identity solutions – to create a trusted digital environment at the hospital.

Recognizing the convergence of people’s identities across location and digital boundaries, HID has become a one-stop shop for scalable physical access and digital identity solutions – affordable even in the most remote, rural areas.

Challenges

Protecting the access of electronic personal health information (ePHI) was a complex challenge for a hospital with limited resources. HIPAA requires that an individual or an entity accessing ePHI must be authenticated – verified – before access is granted. Like all healthcare providers under HIPAA, the hospital is expected to implement security measures that are sufficient to reduce risk and vulnerabilities, ensuring the confidentiality, integrity and availability of protected health records.

Moreover, the DEA requires that clinicians who are engaging in e-prescribing of controlled substances (EPCS) must adhere to strict requirements, including identity proofing and applying a two-factor authentication protocol with a FIPS 140-2 certified credential. The hospital also recognized that digital prescribing of schedule II-V narcotics is also a valiant way to beat down the opioid crisis.

While the requirement is clear, the problem was that this medical center in a rural part of the Mid-West did not have two-factor authentication capabilities, so its leadership team investigated a Presidential directive that sent them in the direction of HID Global.

Solution

To address the requirements it had to meet, the medical center used the Homeland Security Presidential Directive-12 (HSPD-12) as a template and guideline to create their own program for identity & access management (IAM). HSPD-12 sets policy for a common, reliable and secure identification standard for federal employees and contractors.

When the medical center’s team investigated what products the U.S. government was using for logical access, they discovered that many agencies in the federal government use HID ActivID multi-factor authentication technology.

The medical center was already using HID physical access control products (cards and readers), AsureID software and HID FARGO printers /encoders for card personalization and issuance. Based on their history of proven success with HID products, the medical center chose to standardize on the HID ActivID platform for multi-factor authentication using FIPS-certified Crescendo ID smart badges.

Because of limited bandwidth, the hospital also relied on HID Professional Services for successful deployment of the feature-rich, future-ready identity management platform.
 

Benefits

• Logical access onto the hospital’s corporate network and workstations
• Electronic prescriptions of controlled substances (specifically for clinicians)
• Physical access into buildings/rooms and cabinets
• Time-and-attendance
• Single sign-on (SSO) to the hospital’s EMR system and all web-based applications
• Email digital signatures and encryption
• Derived credentials
• Certificate-base authentication

• Higher security
• Compliance with government regulations
• Increased efficiency
• Greater productivity
• Cost savings
• More flexibility
• Ease of use