HEALTHCARE SECURITY
tration (DEA) mandate for a separate two-factor authentica- tion when using electronic prescribing for controlled substances (EPCS) solutions—a key weapon in the opioids battle.
Rather than addressing these two authentication requirements separately, administrators can realize significant cost efficiencies by moving to integrated systems that extend multi-factor authentica- tion across the entire identity and access management lifecycle. In- tegrated systems can also be designed to elevate trust through the use of digital certificates and signatures and signing, all backed by public key infrastructure (PKI) security. They can incorporate One Time Password (OTP) tokens and biometrics to comply with the DEA and HIPAA for Electronic Prescription of Controlled Sub- stances (EPCS), and the same systems can also be used to protect patient records and data, implement secure access to facilities, and authenticate remotely to VPNs using mobile devices.
Indeed, unified platforms offer the opportunity to tie every- thing together and automate other manual workflows. The result is an end-to-end physical identity and access management solu- tion that integrates with access control systems, logical identity and other internal applications so healthcare organizations can manage all types of physical identities and their details.
Truly converged access control will ultimately consist of a sin- gle security policy, one credential, and one audit log. The goal is a fully interoperable, multi-layered security infrastructure that is based on a flexible and adaptable platform. Such a platform will enable hospital administrators to preserve their investments as they grow, evolve, and continually improve their security capabili- ties in the face of ever-changing threats. The healthcare industry will deliver an improved patient experience, more comprehensive security view, and more coordinated approach for protecting pri- vacy while controlling access to patient data, electronic prescrip- tions, equipment and facilities.
The Power of Convergence
One of the first places where this convergence is happening is with the combination of physical and data security onto a single credential. In much the same way that users are gravitating to mobile solutions, in part, because they like how it interconnects their digital world, so too are healthcare institutions embrac- ing converged credentials. Users want to do far more with their trusted identity credentials than just open doors, especially when they also must access healthcare records, electronic prescriptions for controlled substance (EPCS) systems and other hospital sys- tems many times each day.
Healthcare institutions are among the first to harness the power of converged credentials. Many are using a cloud-based model to provision IDs and perform authentication for physical and logical access control, and for managing EPCS. The next step is to migrate to convergence solutions that pull everything related to identity management into a unified system capable of granting and managing access rights.
The convergence trend will drive the adoption of PIAM soft- ware to unify identity lifecycle management by connecting the enterprise’s multiple and disparate physical access control sys- tems (PACS) and IT security systems to other parts of the IT ecosystem such as user directories and HR systems. PIAM soft-
ware works with existing hardware and infrastructure to collect, collate, store, process and analyze identity and other data from multiple security and non-security solutions, becoming the hub for all these systems while also tying in key external services for running background checks or verifying the identities of visitors and others.
A single PIAM solution standardizes identity management for employees, contractors, visitors, suppliers, tenants and ven- dors, enabling organizations to manage all identities and issue credential across all buildings, systems, permissions and associ- ated workflows, regardless of the underlying access-control sys- tem at any given location. Visitor management is a particularly important element to consider when assessing hospital security— ideally, hospitals should integrate visitor management software with real-time patient feeds, preregistration information and the hospital’s access control system, and then use PIAM software to standardize identity management while tying in external services.
PIAM software also enables PACS to connect to cloud- based card issuance systems and wireless locks, and to location- based services that enable healthcare institutions to know where people and assets are in the building. Unifying identity manage- ment in this way improves efficiency and security while facilitat- ing new IoT use cases that connect the world of people with the world of things.
Protecting the Connected Hospital
When healthcare administrators deploy new IoT capabilities they must be confident patients will be safe. Today’s real-time and proximity-based location technologies create a trusted environ- ment for connecting, monitoring and managing patients, mobile clinicians and staff. They include a cloud service, portals and Bluetooth beacons in the form of smart cards and provide a one- card solution for both indoor positioning services and physical access control. Their cloud-based model and minimal hardware requirements also eliminate the expensive infrastructure setup of antennas, servers and wired infrastructure to further reduce total cost of ownership. Installation simply entails plugging in AC-powered BLE/WiFi gateways and then providing staff with the smart card beacon.
A big benefit of location-based services is the deeper analyt- ics they provide around the movement of personnel in a hospital building. This provides better insights for optimizing usage of facilities, common areas and individual exam and other rooms, as well as workflows in emergency departments and clinical op- erations. The proximity-based services verify when personnel are nearby a given area for use cases such as monitoring staff check in and check out. They also help organizations meet health and safety regulations by monitoring room occupancy.
Location-based services also can include visitor awareness capabilities to achieve a complete solution for checking in visi- tors, running background checks, managing identities and issu- ing credentials. The services also provide wayfinding for patients and visitors navigating the hospital, and historical information about where visitors and other people have been in the building in the event of an emergency, security breach or theft. Addition- ally, they can help staff to more efficiently manage physical assets,
NS6
0918 | NETWORKING SECURITY