Long-term Planning for Authentication Solutions
By Taylor Boon, chief technology officer for BNX Systems Corporation in Vienna, VA. Contact him at tboon@bnx.com.
Advanced end-user authentication is a hot topic in the healthcare industry right now, and for good reason. As healthcare organizations integrate access to information from multiple sources, including hospitals, physician offices, partners, payors and patients, developing a strategy for authentication and access privileges within an integrated environment becomes critical. With the continual removal of non-electronic means, all access privileges are increasingly tied to security and confidentiality.
Among the factors prompting organizations to consider new authentication solutions are online security for patient records, convenient information access for caregivers, and regulations such as the forthcoming HIPAA, which are mandating processes and policies that enforce scrutiny that did not exist until now.
Each of these factors alone will prompt a healthcare organization to abandon password-centric security. Finding an alternative authentication solution that meets all three requirements within an integrated system, however, may leave healthcare CIOs feeling like they are working at cross-purposes.
The complexity of the factors driving advanced authentication brings to mind that old adage: stop, look and listen. No other security solution is likely to impact an organization's existing workflow processes more than the authentication measures used to verify the identity, authority and access privileges of users. Taking a careful look at your existing policies, procedures and environment can save you pain during implementation and, more importantly, ensure that your authentication solution meets your needs in the years to come.
One Size Doesn't Fit All
One of the first considerations when contemplating an authentication solution should be workflow processes currently in place and how those would be affected by the introduction of different authentication methods. Nowhere is this more important than in areas of patient care.
If a caregiver needs immediate access to online patient records, seconds count. On the hospital floor, a proximity card, which automatically presents the user's credentials, followed by a fingerprint scan, is likely to be a successful option. In an operating room, where caregivers wear masks and gloves, iris recognition may be the most suitable.
In the billing department, however, time is not as critical. Users accessing sensitive records could be required to type in their user name and then verify their identity with one or multiple authentication methods. By taking into account the needs of your users and the environments in which they work, you can implement an authentication solution that enhances security while providing convenient, authorized access.
Complex Application Environments
Another key consideration is the nature of your application environment. As healthcare organizations move to an increasingly digital environment, an integrated delivery system requires support for a wide variety of applications: legacy, client-server and Web-based. Vendor independence in the types of applications being deployed becomes extremely important.
The complexity created by such a heterogeneous application environment is exacerbated by the number of application-specific identities that must be reconciled. When reviewing authentication solutions, consider how application-specific identities and privileges are managed. In a highly complex environment, the ability to manage authentication to specific applications with context-based policies is crucial.
The distributed environment of an enterprise (organizationally, geographically and technologically) also has far-reaching implications for an authentication system. As computing becomes more pervasive, users access information from a variety of channels. Doctors may sign off on hospital charts from their home office, and lab results may be transmitted electronically.
Add to this the increasing use of PDA and other wireless devices and it becomes clear that users will soon have multiple means of accessing sensitive healthcare information. Just as an internal healthcare environment must be evaluated when deploying an authentication solution, so too must the external environment, for access needs that are both immediate and anticipated.
Long-term Strategy
Once you have surveyed your existing environment, designing a long-term strategy will not seem as daunting. The following key points will ensure that you achieve maximum flexibility as your integrated delivery system grows.
Centralize authentication management, delegate administration. Centralized authentication management, with the ability to delegate certain administrative rights, will enable you to manage your authentication based on existing roles and responsibilities. For example, one designated administrator may be responsible for user enrollment, while another manages authentication policies for specific applications or network resources.
Implement flexible authentication policies. Authentication policies should be tailored to users' existing practices and provide all access privileges required for optimal job performance. The ability to balance practicality and security will be the key to rapid adoption of any policies you implement. You will need the flexibility to define authentication policies that not only support the multiple roles and responsibilities of caregivers, but also do not mandate security at the cost of convenience.
Anticipate integration needs. By surveying your application environment and anticipating what applications you may add in the future, you can save yourself costly and time-consuming integrations down the road. Many authentication solutions are already integrated and/or compliant with leading healthcare applications and standards.
Remain technology and vendor neutral. It is important to maintain the option of deploying the best-of-breed healthcare applications and authentication technologies available. Try to implement an authentication architecture that provides a hub to interoperate with different applications and authentication devices. This way you can retain the autonomy of selecting applications that are vendor neutral to work with authentication methods that are device independent.
Evolving Environment
Expect your authentication environment to evolve as regulations and policies become more clearly defined. With several key elements in place (flexible policy management, centralized administration and robust auditing capabilities), your authentication solution should be able to accommodate forthcoming regulations.
With sufficient planning and consideration, your new authentication solution should accommodate existing and anticipated security needs. Most importantly, it should enable you to strengthen security while providing convenient access for internal and external constituents within your integrated delivery system.