Relentless technology advancement, the push for Electronic Medical Records (EMR), and the integration of diagnostic device data, treatments, and patient history and response are priorities for healthcare facilities today. The challenge is not limited to systems and technologies within a facility; it extends across facilities, because physicians and specialists often practice or share patients across facilities depending on the treatment course. With medical transcription increasingly outsourced, much information is managed and compiled externally, but access is required when the patient visits.
While the intent of this advancement in technology is to provide ready access to information at the time of service delivery, healthcare practitioners (physicians, nurses, dieticians, specialists) must access multiple systems to get the information they need. Doctors find their productivity reduced by the time it takes them to log in and out. HIPAA compliance mandates patient information be available on a "need" basis to protect the privacy of the patients. Yet, it is not uncommon to find user IDs and passwords posted on or near the computer. With patient care -- not data security -- the primary objective, it is not uncommon for practitioners to stay logged on to a system for extended periods, even when they step away and give others access. The challenge, therefore, is to leverage technology to increase the quality of healthcare while improving the productivity of the practitioners, without compromising the privacy of the patient.
Remembering more passwords or using single sign-on (SSO) technology may not be the answer for healthcare. Second-factor authentication increases security without impacting productivity. Second-factor authentication using external devices such as tokens or proximity cards requires significant upfront investment for acquisition, integration, and training. Moreover, external devices tend to get lost or "borrowed", compromising the security of systems and the patient.
Consider, instead, using the behavioral characteristics of practitioners as a second factor. Individuals are products of many variables in unique combination that define specific cognitive capabilities. Given how a person responds to the environment (typing on a keyboard, thinking, and behaving in response to certain external stimuli), it is possible to capture behavioral characteristics and match them with environmental and system variables to assemble a unique digital imprint of a user.
This goes beyond identifying an individual based on what a person knows (User ID and Password) and what a person has (cell phone, token ID). Systems can identify an individual based on "who they are" and "what they do".
Albert Einstein said, "The significant problems that we face cannot be solved at the same level of thinking we were at when we created them". Leveraging the capabilities available requires a paradigm shift in thinking. Security does not have to be physically bolted on to an individual. It can be the individual, using keystroke dynamics, reflective thinking, and environmental and system variables. The system must provide identity verification for the user in real time. The solution must monitor multiple factors and assess risk based on business policies and guidelines to provide a true multi-factor, risk-based authentication solution that protects the system from fraudulent attack and increases user productivity.
Delfigo Security offers a zero footprint security solution platform that helps companies provide strong authentication to protect against identity and data theft.
Bharat Nair is Vice President of Business Development at Delfigo Security, http://www.delfigosecurity.com/, Boston, MA. He can be reached by phone at 1.617.248.6501.