Seven Habits of Highly-Effective Healthcare Security (without Sacrificing Clinician Workflow)

Healthcare access management plays an integral role in the healthcare industry these days, with patient data security and breach disclosure notification mandates front and center with HIPAA compliance, HITECH incentives and other mandates from various parts of the world focused on protecting personal health information (PHI).

Coming out of HIMSS 2010, it was clear that patient data security was a chief concern, but so was the need for improved clinician workflows. For all the requirements driven by new laws and the stimulus bill, what was overlooked was the impact of security in the real-world hospital environment from a user perspective. Forcing someone to change habits and daily routines is difficult, if not impossible, to do. Therefore, it is integral to the successful adoption of these security endeavors that they be paired with improving workflow. If change makes people’s lives easier, it’s easier for them to embrace. It doesn’t need to be an either/or argument.

• As such, here are our seven habits of highly-effective healthcare security:
  Ensure adequate password complexity across systems and applications logons to protect PHI
• Auto-generate strong passwords where possible to simplify the backend security process; take the task out of your hands and focus your attention where it can be better utilized
• Rely on technology that is easy to implement (for you) and support (for your users)
• Select strong authentication technologies (e.g., fingerprint biometrics) that simplify user access to help achieve user adoption
• Seek solutions that have built-in audit logging and reporting capabilities; when compliance audits knock, proof should be a quick click away
• Manage password resets through self-service portal : enabling clinicians to solve simple password problems themselves eliminates unnecessary IT costs and reduces instances of password sharing across the medical unit or nurses station
• Fast access termination across systems and applications is mission-critical, as unattended workstations create a gaping hole in even the best-laid security plans

From a high-level, aligning with these habits can help secure user access in your healthcare organization, but as I mentioned workflow MUST be improved at the same time. Be sure whatever security solutions you’re deploying are easy for users to embrace. Practical security innovations born from real-world clinician workflows can deliver the best in both transparent security and user productivity. This is why the use of healthcare single sign-on and strong authentication that is easy for clinicians to use and doesn’t disrupt workflow is so attractive.

Do you have any good healthcare security habits to share? We’d love to hear them!

--David