Electronic Medical Record Security
Securing EMRs is one simple call away
Upstate Medical University and OhioHealth fi nd PhoneFactor’s phone-based authentication solution to be just the right prescription.
ne of the chief concerns of widespread implementation of electronic medical re- cords (EMRs) is how to secure those records. With the volume of electronic data growing exponentially and access points expanding outside the hospital walls, securing access to hospital networks and the protected health records they contain requires strong, two-factor authentication. However, solutions like security tokens are costly to implement and a pain for IT departments and end users. Increasingly, healthcare organizations are swapping out their security tokens for an innovative authentica- tion solution that leverages a device users already have – their phone – to enable strong security that is both user friendly and cost effective. The Upstate Medical University in Syracuse, N.Y., recently implemented phone-based authentication from PhoneFactor to secure their growing base of remote users. The result: increased remote usage with less hassle for both the end users and the IT staff, which enables healthcare practitioners to focus on their number one priority – patient care. Upstate Medical University, the region’s only Level 1 trauma center, hosts more than 80 specialty clinics and serves more than 300,000 patients every year at the hospital and its ambulatory sites with a network of 400 physicians and 300 residents.
Upstate had been using security tokens to provide an important second factor of authentication for remote access via SSL VPN from home and other remote loca- tions. Over time, the system proved to be expensive and cumbersome for IT to manage. Security tokens had to be provisioned by IT and carried by each user. Adoption among staff and clinicians was low. Upstate began look- ing for an alternative that provided strong security for access to patient data without the hassles experienced with tokens. After evaluating several different two-factor security solutions, Upstate chose to do a pilot program with PhoneFactor’s phone-based authentication platform. By utilizing each user’s existing phone, the solution could be rapidly enabled with virtually no effort by IT.
20 September 2010
When logging in, the user simply gets an automated call to confi rm identity. Upstate piloted the solution with their pharmacy department and select physicians, and the initial feedback was very positive as users indicated they were highly satisfi ed with the ease of use offered by PhoneFactor.
“We decided to switch to PhoneFactor’s
two-factor solution from tokens because it’s a ‘one and done’ solution.”
“We wanted to provide a secure solution without hav- ing to manage another process that required us to hand out something like a token to our providers. PhoneFactor is easy to use and provision. Everyone understands what it means when their phone rings and knows to answer it,” says R.J. Dollard, manager of IT customer support services. Mark Zeman, associate administrator for in- tegrated technical and materials support, adds, “If the users do not accept the security process, they won’t use it. A very small percentage of our users utilized tokens to access the network. When we offered PhoneFactor as an option, we saw a signifi cant increase in the number of remote connections; more than double what we had with tokens.”
OhioHealth, a nationally recognized, not-for-profi t healthcare organization based in Columbus, Ohio, also faced a number of challenges using security tokens to se- cure the records of patients in its 17 hospitals and numer- ous health and surgery centers, home-health providers, medical equipment and health service suppliers. Unlike Upstate Medical University, whose token deployment was limited, OhioHealth was managing more than 4,300 tokens used by physicians and other healthcare practi- tioners (most of whom were not hospital employees) to authenticate access to critical patient information. Each of the issues Upstate faced in deploying tokens and supporting users was amplifi ed by the large number of tokens in use at OhioHealth.
HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com