How the HITECH Act May Affect Your Healthcare Facility

Combining physical and network access control can help your organization comply with this recently enacted federal law.

How the HITECH Act May Affect Your Healthcare Facility

For two-factor authentication, a proximity card can be used in conjunction with desktop computer software and card reader for employee log-in to Windows. The employee is logged in to Windows after presenting the card to the desktop computer reader and entering a PIN. This process replaces the traditional Windows username and password process and provides convenient and secure log in.

For a higher level of security and additional capabilities, a contactless smart card can be used in place of a proximity card. Contactless smart cards utilize a more robust chip technology that transmits data through a secure encrypted tunnel.

In addition to providing two-factor authentication, the increased security and greater memory capacity of contactless smart cards enables them to be used for secure print release, cashless vending or other applications. The secure print release functionality is especially applicable in a healthcare environment since a contactless card must be presented at the printer in order for a job to begin printing. With HIPAA driving additional scrutiny relating to patient privacy and secure processes, this solution ensures sensitive information is delivered to authorized personnel only.

Organizations with the most stringent security requirements often consider contact smart card technology. With contact smart cards, digital certificates are loaded to the contact module and the data is authenticated utilizing Public Key Infrastructure (PKI). In addition to being used as an identity card, contact smart cards can be used to authenticate a user to a VPN or WLAN, or to digitally sign a document or to encrypt a hard drive, folder, file or E-mail.

While more costly than contactless smart cards, highly regulated industries, such as oil and gas and the federal government have adopted PKI and contact smart card technologies to meet the rigorous demands of numerous regulatory standards.

Key Cards Ease Access of Authorized Individuals

In today’s increasingly risk-conscious organizations, smart card technology in its various forms is fast becoming a basic, non-negotiable part of the IT security infrastructure. Properly implemented, this technology can fortify both data security and physical access control, while making it far easier for healthcare professionals to access the in
formation they need.

The availability of smart card technology is making it possible for hospital campuses and facilities to leverage their existing physical access control infrastructure, while adding new data security functionality at a reasonable cost. The convenience of using a single card for physical and data security has many organizations re-examining the value of merging currently independent systems to achieve solutions that are robust, easily managed and that optimize the organization’s existing infrastructure.

When balancing the benefits of access management solutions against the costs of reputational damage, security breaches and non-compliance, utilizing smart card technology can offer exceptional value by maximizing security investments while facilitating compliance to current and future healthcare industry-related regulations.

Greg Sarrail is director business development at HID Global, and Sheila K. Stromberg is director of end user strategies at HID Global. For more information on the company, visit

Data Breaches Declined 32% in 2009

In 2009, there were 498 breaches, which is less than the 657 reported in 2008 but more than the 446 in 2007, according to the 2009 Identity Theft Resource Center Breach Report. Despite the apparent overall reduction in incidents last year, the study claims it is difficult to determine if the number of breaches is increasing or decreasing.

The report’s main highlights include:

  • Paper breaches accounted for nearly 26 percent of known breaches (an increase of 46 percent compared to 2008).
  • Malicious attacks surpassed human error for the first time in three years.
  • Out of 498 breaches, only six reported that there were either encryption or other strong security features protecting the exposed data.

U.S. universities experienced 58 breaches in 2009, with the University of California, Berkeley reporting the greatest number of records being compromised: 160,000. Thirty three hospitals had breaches, the largest of which involved Jackson Memorial Hospital.

Approximately 200,000 records from that institution were compromised. K-12 schools experienced 20 breaches last year.

The report notes, however, that in more than 52 percent of the breaches publicly reported, no statement of the number of records exposed was given. Therefore, it is unknown how many total records may have been exposed due to breaches in 2009.

2010 Hospital Data Breaches

As of April 13, the following hospitals have reported they have experienced computer network breaches this year:

  • Boulder Community Hospital (Colo.)
  • Children’s Medical Center of Dallas (Texas)
  • City of Hope National Medical Center (Calif.)
  • Griffin Hospital (Conn.)
  • Holy Cross Hospital (Fla.)
  • John Muir Health (Calif.)
  • Lucille Packard Children’s Hospital (Calif.)
  • Methodist Hospital, Texas Medical Center (Texas)
  • Millbrook Medical Center (Md.)
  • Montefiore Medical Center (N.Y.)
  • North Carolina Baptist Hospital (N.C.)
  • North Ridge Medical Center (Fla.)
  • Providence Hospital (Mich.)
  • St. Francis Hospital (Okla.)
  • University of California, San Francisco (Calif.)
  • University of Texas Medical Branch, Galveston (Texas)
  • University of Texas Southwestern Medical Center (Texas)
  • University of Washington Medical Center (Wash.)
  • Wake Forest University Baptist Medical Center (N.C.)

Source: Identity Theft Resource Center


Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety HQ